Document postgresql -- multiple vulnerabilities

PR:		120133 (basic on)
Submitted by:	Nick Barkas <snb@threerings.net>

1 files changed, 57 insertions, 0 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 2cd81566a514..504877359de2 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,63 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="51436b4c-1250-11dd-bab7-0016179b2dd5">
+    <topic>postgresql -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>postgresql</name>
+	<name>postgresql-server</name>
+	<range><ge>7.3</ge><lt>7.3.21</lt></range>
+	<range><ge>7.4</ge><lt>7.4.19</lt></range>
+	<range><ge>8.0</ge><lt>8.0.15</lt></range>
+	<range><ge>8.1</ge><lt>8.1.11</lt></range>
+	<range><ge>8.2</ge><lt>8.2.6</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PostgreSQL developers report:</p>
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600">
+	  <p>PostgreSQL allows users to create indexes on the results of user-defined
+	    functions, known as "expression indexes". This provided two vulnerabilities
+	    to privilege escalation: (1) index functions were executed as the superuser
+	    and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE
+	    and SET SESSION AUTHORIZATION were permitted within index functions. Both
+	    of these holes have now been closed.</p>
+	</blockquote>
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772">
+	  <p>PostgreSQL allowed malicious users to initiate a denial-of-service by
+	    passing certain regular expressions in SQL queries. First, users could
+	    create infinite loops using some specific regular expressions. Second,
+	    certain complex regular expressions could consume excessive amounts of
+	    memory. Third, out-of-range backref numbers could be used to crash the
+	    backend.</p>
+	</blockquote>
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=">
+	  <p>DBLink functions combined with local trust or ident authentication could
+	    be used by a malicious user to gain superuser privileges. This issue has
+	    been fixed, and does not affect users who have not installed DBLink (an
+	    optional module), or who are using password authentication for local
+	    access. This same problem was addressed in the previous release cycle,
+	    but that patch failed to close all forms of the loophole.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2007-6600</cvename>
+      <cvename>CVE-2007-4772</cvename>
+      <cvename>CVE-2007-6067</cvename>
+      <cvename>CVE-2007-4769</cvename>
+      <cvename>CVE-2007-6601</cvename>
+      <bid>27163</bid>
+      <url>http://www.postgresql.org/about/news.905</url>
+    </references>
+    <dates>
+      <discovery>2008-01-06</discovery>
+      <entry>2008-04-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="fe971a0f-1246-11dd-bab7-0016179b2dd5">
     <topic>phpmyadmin -- Shared Host Information Disclosure</topic>
     <affects>