FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d331f691-71f4-11ea-8bb5-6cc21735f730	PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks The PostgreSQL project reports: Versions Affected: 9.6 - 12 The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION. Discovery 2020-02-13 Entry 2020-03-29 postgresql12-server lt 12.2 postgresql11-server lt 11.7 postgresql10-server lt 10.12 postgresql96-server lt 9.6.17 https://www.postgresql.org/about/news/1960/ CVE-2020-1720

VuXML ID

Description

d331f691-71f4-11ea-8bb5-6cc21735f730

PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks

The PostgreSQL project reports:

Versions Affected: 9.6 - 12

The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.

Discovery 2020-02-13
Entry 2020-03-29
postgresql12-server

lt 12.2

postgresql11-server

lt 11.7

postgresql10-server

lt 10.12

postgresql96-server

lt 9.6.17

https://www.postgresql.org/about/news/1960/
CVE-2020-1720