FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ca16fd0b-5fd1-11e6-a6f2-6cc21735f730PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities

PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

  • CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
  • CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.

Discovery 2016-08-11
Entry 2016-08-11
postgresql91-server
ge 9.1.0 lt 9.1.23

postgresql92-server
ge 9.2.0 lt 9.2.18

postgresql93-server
ge 9.3.0 lt 9.3.11

postgresql94-server
ge 9.4.0 lt 9.4.9

postgresql95-server
ge 9.5.0 lt 9.5.4

CVE-2016-5423
CVE-2016-5424
a0182578-6e00-11e5-a90c-0026551a22dcPostgreSQL -- minor security problems.

PostgreSQL project reports:

Two security issues have been fixed in this release which affect users of specific PostgreSQL features.

  • CVE-2015-5289 json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
  • CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.

Discovery 2015-10-08
Entry 2015-10-08
postgresql90-server
ge 9.0.0 lt 9.0.22

postgresql91-server
ge 9.1.0 lt 9.1.18

postgresql92-server
ge 9.2.0 lt 9.2.13

postgresql93-server
ge 9.3.0 lt 9.3.9

postgresql94-server
ge 9.4.0 lt 9.4.4

CVE-2015-5289
CVE-2015-5288
e8b6605b-d29f-11e5-8458-6cc21735f730PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.

PostgreSQL project reports:

Security Fixes for Regular Expressions, PL/Java

  • CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input.
  • CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege escalation issue for users of PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be modifiable only by the database superuser

Discovery 2016-02-08
Entry 2016-02-12
postgresql91-server
ge 9.1.0 lt 9.1.20

postgresql92-server
ge 9.2.0 lt 9.2.15

postgresql93-server
ge 9.3.0 lt 9.3.11

postgresql94-server
ge 9.4.0 lt 9.4.6

postgresql95-server
ge 9.5.0 lt 9.5.1

CVE-2016-0773
CVE-2016-0766