FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

ca16fd0b-5fd1-11e6-a6f2-6cc21735f730  PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities

PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

  • CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
  • CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.

Discovery: 2016-08-11
Entry: 2016-08-11

postgresql91-server: >= 9.1.0, < 9.1.23
postgresql92-server: >= 9.2.0, < 9.2.18
postgresql93-server: >= 9.3.0, < 9.3.11
postgresql94-server: >= 9.4.0, < 9.4.9
postgresql95-server: >= 9.5.0, < 9.5.4

CVE-2016-5423
CVE-2016-5424

fc38cd83-00b3-11e5-8ebd-0026551a22dc  PostgreSQL -- minor security problems.

PostgreSQL project reports:

This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Neither of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable:

  • CVE-2015-3165 Double "free" after authentication timeout.
  • CVE-2015-3166 Unanticipated errors from the standard library.
  • CVE-2015-3167 pgcrypto has multiple error messages for decryption with an incorrect key.

Discovery: 2015-04-10
Entry: 2015-05-22

postgresql90-server: >= 9.0.0, < 9.0.20
postgresql91-server: >= 9.1.0, < 9.1.16
postgresql92-server: >= 9.2.0, < 9.2.11
postgresql93-server: >= 9.3.0, < 9.3.7
postgresql94-server: >= 9.4.0, < 9.4.2

CVE-2015-3165
CVE-2015-3166
CVE-2015-3167

3b40bf2c-ad83-11e4-a2b2-0026551a22dc  PostgreSQL -- multiple buffer overflows and memory issues

PostgreSQL Project reports:

This update fixes multiple security issues reported in PostgreSQL over the past few months. All of these issues require prior authentication, and some require additional conditions, and as such are not considered generally urgent. However, users should examine the list of security holes patched below in case they are particularly vulnerable.

  1. CVE-2015-0241 Buffer overruns in "to_char" functions.
  2. CVE-2015-0242 Buffer overrun in replacement printf family of functions.
  3. CVE-2015-0243 Memory errors in functions in the pgcrypto extension.
  4. CVE-2015-0244 An error in extended protocol message reading.
  5. CVE-2014-8161 Constraint violation errors can cause display of values in columns which the user would not normally have rights to see.

Discovery: 2015-02-05
Entry: 2015-02-05

postgresql90-server: >= 9.0.0, < 9.0.19
postgresql91-server: >= 9.1.0, < 9.1.15
postgresql92-server: >= 9.2.0, < 9.2.10
postgresql93-server: >= 9.3.0, < 9.3.6
postgresql94-server: >= 9.4.0, < 9.4.1

CVE-2015-0241
CVE-2015-0242
CVE-2015-0243
CVE-2015-0244
CVE-2014-8161

1f02af5d-c566-11e7-a12d-6cc21735f730  PostgreSQL vulnerabilities

The PostgreSQL project reports:

  • CVE-2017-15098: Memory disclosure in JSON functions
  • CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

Discovery: 2017-10-10
Entry: 2017-11-09

postgresql92-server: >= 9.2.0, < 9.2.24
postgresql93-server: >= 9.3.0, < 9.3.20
postgresql94-server: >= 9.4.0, < 9.4.15
postgresql95-server: >= 9.5.0, < 9.5.10
postgresql96-server: >= 9.6.0, < 9.6.6
postgresql10-server: >= 10.0, < 10.1

CVE-2017-15099
CVE-2017-15098

982872f1-7dd3-11e7-9736-6cc21735f730  PostgreSQL vulnerabilities

The PostgreSQL project reports:

  • CVE-2017-7546: Empty password accepted in some authentication methods
  • CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
  • CVE-2017-7548: lo_put() function ignores ACLs

Discovery: 2017-08-10
Entry: 2017-08-10

postgresql92-server: >= 9.2.0, < 9.2.22
postgresql93-server: >= 9.3.0, < 9.3.18
postgresql94-server: >= 9.4.0, < 9.4.13
postgresql95-server: >= 9.5.0, < 9.5.8
postgresql96-server: >= 9.6.0, < 9.6.4

CVE-2017-7546
CVE-2017-7547
CVE-2017-7548

414c18bf-3653-11e7-9550-6cc21735f730  PostgreSQL vulnerabilities

The PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

  • CVE-2017-7484: selectivity estimators bypass SELECT privilege checks.
  • CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
  • CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database.

Discovery: 2017-05-11
Entry: 2017-05-11

postgresql92-client: >= 9.2.0, < 9.2.20
postgresql93-client: >= 9.3.0, < 9.3.16
postgresql94-client: >= 9.4.0, < 9.4.11
postgresql95-client: >= 9.5.0, < 9.5.6
postgresql96-client: >= 9.6.0, < 9.6.2
postgresql92-server: >= 9.2.0, < 9.2.20
postgresql93-server: >= 9.3.0, < 9.3.16
postgresql94-server: >= 9.4.0, < 9.4.11
postgresql95-server: >= 9.5.0, < 9.5.6
postgresql96-server: >= 9.6.0, < 9.6.2

CVE-2016-5423
CVE-2016-5424

e8b6605b-d29f-11e5-8458-6cc21735f730  PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.

PostgreSQL project reports:

Security Fixes for Regular Expressions, PL/Java

  • CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input.
  • CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege escalation issue for users of PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be modifiable only by the database superuser.

Discovery: 2016-02-08
Entry: 2016-02-12

postgresql91-server: >= 9.1.0, < 9.1.20
postgresql92-server: >= 9.2.0, < 9.2.15
postgresql93-server: >= 9.3.0, < 9.3.11
postgresql94-server: >= 9.4.0, < 9.4.6
postgresql95-server: >= 9.5.0, < 9.5.1

CVE-2016-0773
CVE-2016-0766

a0182578-6e00-11e5-a90c-0026551a22dc  PostgreSQL -- minor security problems.

PostgreSQL project reports:

Two security issues have been fixed in this release which affect users of specific PostgreSQL features.

  • CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
  • CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.

Discovery: 2015-10-08
Entry: 2015-10-08

postgresql90-server: >= 9.0.0, < 9.0.22
postgresql91-server: >= 9.1.0, < 9.1.18
postgresql92-server: >= 9.2.0, < 9.2.13
postgresql93-server: >= 9.3.0, < 9.3.9
postgresql94-server: >= 9.4.0, < 9.4.4

CVE-2015-5289
CVE-2015-5288