FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-10 08:58:57 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
78b8e808-2c45-11f0-9a65-6cc21735f730	PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation PostgreSQL project reports: A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. Discovery 2025-05-08 Entry 2025-05-08 postgresql17-client < 17.5 postgresql16-client < 16.9 postgresql15-client < 15.13 postgresql14-client < 14.18 postgresql13-client < 13.21 postgresql17-server < 17.5 postgresql16-server < 16.9 postgresql15-server < 15.13 postgresql14-server < 14.18 postgresql13-server < 13.21 CVE-2025-4207 https://www.postgresql.org/support/security/CVE-2025-4207/
fc048b51-7909-11f0-90a2-6cc21735f730	PostgreSQL -- vulnerabilities PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent pg_dump scripts from being used to attack the user running the restore. Convert newlines to spaces in names included in comments in pg_dump output. Discovery 2025-08-11 Entry 2025-08-14 postgresql17-server < 17.6 postgresql16-server < 16.10 postgresql15-server < 14.14 postgresql14-server < 14.19 postgresql13-server < 13.22 CVE-2025-8713 CVE-2025-8714 CVE-2025-8715 https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/

VuXML ID

Description

PostgreSQL -- PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

PostgreSQL project reports:

A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Discovery 2025-05-08
Entry 2025-05-08
postgresql17-client

< 17.5

postgresql16-client

< 16.9

postgresql15-client

< 15.13

postgresql14-client

< 14.18

postgresql13-client

< 13.21

postgresql17-server

< 17.5

postgresql16-server

< 16.9

postgresql15-server

< 15.13

postgresql14-server

< 14.18

postgresql13-server

< 13.21

CVE-2025-4207
https://www.postgresql.org/support/security/CVE-2025-4207/

fc048b51-7909-11f0-90a2-6cc21735f730

PostgreSQL -- vulnerabilities

PostgreSQL project reports:

Tighten security checks in planner estimation functions.

Prevent pg_dump scripts from being used to attack the user running the restore.

Convert newlines to spaces in names included in comments in pg_dump output.

Discovery 2025-08-11
Entry 2025-08-14
postgresql17-server

< 17.6

postgresql16-server

< 16.10

postgresql15-server

< 14.14

postgresql14-server

< 14.19

postgresql13-server

< 13.22

CVE-2025-8713
CVE-2025-8714
CVE-2025-8715
https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/