FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2025-07-24 16:49:09 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| 2a220a73-4759-11f0-a44a-6cc21735f730 | PostgreSQL JDBC library -- Improper Authentication
PostgreSQL JDBC Driver project reports:
Client Allows Fallback to Insecure Authentication Despite
channelBinding=require configuration. Fix channel binding
required handling to reject non-SASL authentication Previously,
when channel binding was set to "require", the driver
would silently ignore this requirement for non-SASL
authentication methods. This could lead to a false sense of
security when channel binding was explicitly requested but not
actually enforced. The fix ensures that when channel binding is
set to "require", the driver will reject connections that use
non-SASL authentication methods or when SASL authentication has
not completed properly.
Discovery 2025-06-12
Entry 2025-06-12
postgresql-jdbc
< 42.7.7
CVE-2025-49146
https://nvd.nist.gov/vuln/detail/CVE-2025-49146
|