From https://github.com/pgadmin-org/pgagent/releases/tag/pgagent-4.2.3 """ Fix for CVE-2025-0218: When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. The pgAdmin project thanks Wolfgang Frisch from SUSE for reporting this issue. """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a0a6922e746fcea02a151f9ee7fdf1c5ce680a3 commit 7a0a6922e746fcea02a151f9ee7fdf1c5ce680a3 Author: Sam James <sam@gentoo.org> AuthorDate: 2025-05-21 20:24:55 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-05-21 20:27:44 +0000 dev-db/pgagent: add 4.2.3 Bug: https://bugs.gentoo.org/956398 Closes: https://bugs.gentoo.org/884711 Closes: https://bugs.gentoo.org/954002 Signed-off-by: Sam James <sam@gentoo.org> dev-db/pgagent/Manifest | 1 + dev-db/pgagent/files/pgagent-4.2.3-cmake-4.patch | 12 ++++++ dev-db/pgagent/pgagent-4.2.3.ebuild | 48 ++++++++++++++++++++++++ 3 files changed, 61 insertions(+)
