aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2010-03-26 05:45:55 +0800
committerdelphij <delphij@FreeBSD.org>2010-03-26 05:45:55 +0800
commit0cded3cea151dc8194d92bbe9c80270c2e8e164d (patch)
tree3e6f80954a674e3cf1e217788ee306184f8c3d5e /security
parent167b2c81f07abcb5dcf808d3336d1158e80a71b3 (diff)
downloadfreebsd-ports-gnome-0cded3cea151dc8194d92bbe9c80270c2e8e164d.tar.gz
freebsd-ports-gnome-0cded3cea151dc8194d92bbe9c80270c2e8e164d.tar.zst
freebsd-ports-gnome-0cded3cea151dc8194d92bbe9c80270c2e8e164d.zip
Document postgresql bitsubstr overflow vulnerability
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml37
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index b3ec4160c8e2..90503cac4417 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,43 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e050119b-3856-11df-b2b2-002170daae37">
+ <topic>postgresql -- bitsubstr overflow</topic>
+ <affects>
+ <package>
+ <name>postgresql-server</name>
+ <range><ge>7.4</ge><lt>7.4.28</lt></range>
+ <range><ge>8.0</ge><lt>8.0.24</lt></range>
+ <range><ge>8.1</ge><lt>8.1.20</lt></range>
+ <range><ge>8.2</ge><lt>8.2.16</lt></range>
+ <range><ge>8.3</ge><lt>8.3.10</lt></range>
+ <range><ge>8.4</ge><lt>8.4.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>BugTraq reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/37973">
+ <p>PostgreSQL is prone to a buffer-overflow
+ vulnerability because the application fails to
+ perform adequate boundary checks on user-supplied
+ data.</p>
+ <p>Attackers can exploit this issue to execute
+ arbitrary code with elevated privileges or
+ crash the affected application.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>37973</bid>
+ <cvename>CVE-2010-0442</cvename>
+ </references>
+ <dates>
+ <discovery>2010-01-27</discovery>
+ <entry>2010-03-25</entry>
+ </dates>
+ </vuln>
+
<vuln vid="c175d72f-3773-11df-8bb8-0211d880e350">
<topic>gtar -- buffer overflow in rmt client</topic>
<affects>