FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: e8b6605b-d29f-11e5-8458-6cc21735f730
Description: PostgreSQL -- Security Fixes for Regular Expressions, PL/Java.

PostgreSQL project reports:

Security Fixes for Regular Expressions, PL/Java

  • CVE-2016-0773: This release closes security hole CVE-2016-0773, an issue with regular expression (regex) parsing. Prior code allowed users to pass in expressions which included out-of-range Unicode characters, triggering a backend crash. This issue is critical for PostgreSQL systems with untrusted users or which generate regexes based on user input.
  • CVE-2016-0766: The update also fixes CVE-2016-0766, a privilege escalation issue for users of PL/Java. Certain custom configuration settings (GUCS) for PL/Java will now be modifiable only by the database superuser.

Discovery: 2016-02-08
Entry: 2016-02-12

Affected packages:

  • postgresql91-server: ge 9.1.0 lt 9.1.20
  • postgresql92-server: ge 9.2.0 lt 9.2.15
  • postgresql93-server: ge 9.3.0 lt 9.3.11
  • postgresql94-server: ge 9.4.0 lt 9.4.6
  • postgresql95-server: ge 9.5.0 lt 9.5.1

References: CVE-2016-0773, CVE-2016-0766

VuXML ID: 414c18bf-3653-11e7-9550-6cc21735f730
Description: PostgreSQL vulnerabilities

The PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

  • CVE-2017-7484: selectivity estimators bypass SELECT privilege checks.
  • CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable.
  • CVE-2017-7486: pg_user_mappings view discloses foreign server passwords. This applies to new databases, see the release notes for the procedure to apply the fix to an existing database.

Discovery: 2017-05-11
Entry: 2017-05-11

Affected packages:

  • postgresql92-client: ge 9.2.0 lt 9.2.20
  • postgresql93-client: ge 9.3.0 lt 9.3.16
  • postgresql94-client: ge 9.4.0 lt 9.4.11
  • postgresql95-client: ge 9.5.0 lt 9.5.6
  • postgresql96-client: ge 9.6.0 lt 9.6.2
  • postgresql92-server: ge 9.2.0 lt 9.2.20
  • postgresql93-server: ge 9.3.0 lt 9.3.16
  • postgresql94-server: ge 9.4.0 lt 9.4.11
  • postgresql95-server: ge 9.5.0 lt 9.5.6
  • postgresql96-server: ge 9.6.0 lt 9.6.2

References: CVE-2016-5423, CVE-2016-5424

VuXML ID: 1f02af5d-c566-11e7-a12d-6cc21735f730
Description: PostgreSQL vulnerabilities

The PostgreSQL project reports:

  • CVE-2017-15098: Memory disclosure in JSON functions
  • CVE-2017-15099: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges

Discovery: 2017-10-10
Entry: 2017-11-09

Affected packages:

  • postgresql92-server: ge 9.2.0 lt 9.2.24
  • postgresql93-server: ge 9.3.0 lt 9.3.20
  • postgresql94-server: ge 9.4.0 lt 9.4.15
  • postgresql95-server: ge 9.5.0 lt 9.5.10
  • postgresql96-server: ge 9.6.0 lt 9.6.6
  • postgresql10-server: ge 10.0 lt 10.1

References: CVE-2017-15099, CVE-2017-15098

VuXML ID: ca16fd0b-5fd1-11e6-a6f2-6cc21735f730
Description: PostgreSQL -- Denial-of-Service and Code Injection Vulnerabilities

PostgreSQL project reports:

Security Fixes nested CASE expressions + database and role names with embedded special characters

  • CVE-2016-5423: certain nested CASE expressions can cause the server to crash.
  • CVE-2016-5424: database and role names with embedded special characters can allow code injection during administrative operations like pg_dumpall.

Discovery: 2016-08-11
Entry: 2016-08-11

Affected packages:

  • postgresql91-server: ge 9.1.0 lt 9.1.23
  • postgresql92-server: ge 9.2.0 lt 9.2.18
  • postgresql93-server: ge 9.3.0 lt 9.3.11
  • postgresql94-server: ge 9.4.0 lt 9.4.9
  • postgresql95-server: ge 9.5.0 lt 9.5.4

References: CVE-2016-5423, CVE-2016-5424

VuXML ID: 982872f1-7dd3-11e7-9736-6cc21735f730
Description: PostgreSQL vulnerabilities

The PostgreSQL project reports:

  • CVE-2017-7546: Empty password accepted in some authentication methods
  • CVE-2017-7547: The "pg_user_mappings" catalog view discloses passwords to users lacking server privileges
  • CVE-2017-7548: lo_put() function ignores ACLs

Discovery: 2017-08-10
Entry: 2017-08-10

Affected packages:

  • postgresql92-server: ge 9.2.0 lt 9.2.22
  • postgresql93-server: ge 9.3.0 lt 9.3.18
  • postgresql94-server: ge 9.4.0 lt 9.4.13
  • postgresql95-server: ge 9.5.0 lt 9.5.8
  • postgresql96-server: ge 9.6.0 lt 9.6.4

References: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548