FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 08:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
19e6dd1b-c6a5-11ee-9cd0-6cc21735f730	postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL PostgreSQL Project reports: One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. The fix for the vulnerability makes is so that all user-determined code is run as the view's owner, as expected. Discovery 2024-02-08 Entry 2024-02-08 postgresql-server < 15.6 < 14.11 < 13.14 < 12.18 CVE-2024-0985 https://www.postgresql.org/support/security/CVE-2024-0985/

VuXML ID

Description

19e6dd1b-c6a5-11ee-9cd0-6cc21735f730

postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

PostgreSQL Project reports:

One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. The fix for the vulnerability makes is so that all user-determined code is run as the view's owner, as expected.

Discovery 2024-02-08
Entry 2024-02-08
postgresql-server

< 15.6

< 14.11

< 13.14

< 12.18

CVE-2024-0985
https://www.postgresql.org/support/security/CVE-2024-0985/