FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ca16fd0b-5fd1-11e6-a6f2-6cc21735f730PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities

PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

  • CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
  • CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.

Discovery 2016-08-11
Entry 2016-08-11
postgresql91-server
ge 9.1.0 lt 9.1.23

postgresql92-server
ge 9.2.0 lt 9.2.18

postgresql93-server
ge 9.3.0 lt 9.3.11

postgresql94-server
ge 9.4.0 lt 9.4.9

postgresql95-server
ge 9.5.0 lt 9.5.4

CVE-2016-5423
CVE-2016-5424
414c18bf-3653-11e7-9550-6cc21735f730PostgreSQL vulnerabilities

The PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

  • CVE-2017-7484: selectivity estimators bypass SELECT privilege checks.
  • CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
  • CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database.

Discovery 2017-05-11
Entry 2017-05-11
postgresql92-client
ge 9.2.0 lt 9.2.20

postgresql93-client
ge 9.3.0 lt 9.3.16

postgresql94-client
ge 9.4.0 lt 9.4.11

postgresql95-client
ge 9.5.0 lt 9.5.6

postgresql96-client
ge 9.6.0 lt 9.6.2

postgresql92-server
ge 9.2.0 lt 9.2.20

postgresql93-server
ge 9.3.0 lt 9.3.16

postgresql94-server
ge 9.4.0 lt 9.4.11

postgresql95-server
ge 9.5.0 lt 9.5.6

postgresql96-server
ge 9.6.0 lt 9.6.2

CVE-2016-5423
CVE-2016-5424
982872f1-7dd3-11e7-9736-6cc21735f730PostgreSQL vulnerabilities

The PostgreSQL project reports:

  • CVE-2017-7546: Empty password accepted in some authentication methods
  • CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
  • CVE-2017-7548: lo_put() function ignores ACLs

Discovery 2017-08-10
Entry 2017-08-10
postgresql92-server
ge 9.2.0 lt 9.2.22

postgresql93-server
ge 9.3.0 lt 9.3.18

postgresql94-server
ge 9.4.0 lt 9.4.13

postgresql95-server
ge 9.5.0 lt 9.5.8

postgresql96-server
ge 9.6.0 lt 9.6.4

CVE-2017-7546
CVE-2017-7547
CVE-2017-7548
1f02af5d-c566-11e7-a12d-6cc21735f730PostgreSQL vulnerabilities

The PostgreSQL project reports:

  • CVE-2017-15098: Memory disclosure in JSON functions
  • CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

Discovery 2017-10-10
Entry 2017-11-09
postgresql92-server
ge 9.2.0 lt 9.2.24

postgresql93-server
ge 9.3.0 lt 9.3.20

postgresql94-server
ge 9.4.0 lt 9.4.15

postgresql95-server
ge 9.5.0 lt 9.5.10

postgresql96-server
ge 9.6.0 lt 9.6.6

postgresql10-server
ge 10.0 lt 10.1

CVE-2017-15099
CVE-2017-15098