FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e7bc5600-eaa0-11de-bd9c-00215c6a37bb	postgresql -- multiple vulnerabilities PostgreSQL project reports: PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230. Discovery 2009-11-20 Entry 2009-12-17 postgresql-client postgresql-server ge 7.4 lt 7.4.27 ge 8.0 lt 8.0.23 ge 8.1 lt 8.1.19 ge 8.2 lt 8.2.15 ge 8.3 lt 8.3.9 ge 8.4 lt 8.4.2 CVE-2009-4034 CVE-2009-4136
174b8864-6237-11e1-be18-14dae938ec40	databases/postgresql*-client -- multiple vulnerabilities The PostgreSQL Global Development Group reports: These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading a pg_dump file. Discovery 2012-02-27 Entry 2012-02-28 postgresql-client < 8.3.18 ge 8.4 lt 8.4.11 ge 9 lt 9.0.7 ge 9.1 lt 9.1.3 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 http://www.postgresql.org/about/news/1377/

VuXML ID

Description

e7bc5600-eaa0-11de-bd9c-00215c6a37bb

postgresql -- multiple vulnerabilities

PostgreSQL project reports:

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

Discovery 2009-11-20
Entry 2009-12-17
postgresql-client
postgresql-server

ge 7.4 lt 7.4.27

ge 8.0 lt 8.0.23

ge 8.1 lt 8.1.19

ge 8.2 lt 8.2.15

ge 8.3 lt 8.3.9

ge 8.4 lt 8.4.2

CVE-2009-4034
CVE-2009-4136

174b8864-6237-11e1-be18-14dae938ec40

databases/postgresql*-client -- multiple vulnerabilities

The PostgreSQL Global Development Group reports:

These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading a pg_dump file.

Discovery 2012-02-27
Entry 2012-02-28
postgresql-client

< 8.3.18

ge 8.4 lt 8.4.11

ge 9 lt 9.0.7

ge 9.1 lt 9.1.3

CVE-2012-0866
CVE-2012-0867
CVE-2012-0868
http://www.postgresql.org/about/news/1377/