FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371119
Date:      2014-10-18
Time:      12:52:26Z
Committer: kwm

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
e7bc5600-eaa0-11de-bd9c-00215c6a37bb  postgresql -- multiple vulnerabilities

PostgreSQL project reports:

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain privileges via a table with crafted index functions, as demonstrated by functions that modify (1) search_path or (2) a prepared statement, a related issue to CVE-2007-6600 and CVE-2009-3230.

Discovery: 2009-11-20
Entry:     2009-12-17

Affected packages: postgresql-client, postgresql-server
Affected version ranges:
  ge 7.4 lt 7.4.27
  ge 8.0 lt 8.0.23
  ge 8.1 lt 8.1.19
  ge 8.2 lt 8.2.15
  ge 8.3 lt 8.3.9
  ge 8.4 lt 8.4.2

References:
  CVE-2009-4034
  CVE-2009-4136

174b8864-6237-11e1-be18-14dae938ec40  databases/postgresql*-client -- multiple vulnerabilities

The PostgreSQL Global Development Group reports:

These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading a pg_dump file.

Discovery: 2012-02-27
Entry:     2012-02-28

Affected packages: postgresql-client
Affected version ranges:
  lt 8.3.18
  ge 8.4 lt 8.4.11
  ge 9 lt 9.0.7
  ge 9.1 lt 9.1.3

References:
  CVE-2012-0866
  CVE-2012-0867
  CVE-2012-0868
  http://www.postgresql.org/about/news/1377/