FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d331f691-71f4-11ea-8bb5-6cc21735f730PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks

The PostgreSQL project reports:

Versions Affected: 9.6 - 12

The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.


Discovery 2020-02-13
Entry 2020-03-29
postgresql12-server
lt 12.2

postgresql11-server
lt 11.7

postgresql10-server
lt 10.12

postgresql96-server
lt 9.6.17

https://www.postgresql.org/about/news/1960/
CVE-2020-1720