| Summary: | dev-db/postgresql DoS and Information Disclosure (CVE-2007-0555 CVE-2007-0556) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Executioner <keith> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | bernd, chainsaw, earny, esigra, pgsql-bugs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/24033/ | | |
| Whiteboard: | B3 [glsa] Falco | | |
| Package list: | | Runtime testing required: | --- |

Description
Executioner
2007-02-05 19:47:04 UTC
*** Bug 165562 has been marked as a duplicate of this bug. ***

Ooops, wait! :-) 8.1.7 and 8.2.2 are buggy, see http://archives.postgresql.org/pgsql-hackers/2007-02/msg00286.php

See update from Postgres Developer: http://archives.postgresql.org/pgsql-announce/2007-02/msg00008.php

Kind regards

libpq and postgresql 7.3.18 have been committed to the tree.

(In reply to comment #4)
> libpq and postgresql 7.3.18 have been committed to the tree.

Thanks, perfect.

Hi arches, please test and mark stable if appropriate those ebuilds:
libpq-7.3.18
postgresql-7.3.18
libpq-7.4.16
postgresql-7.4.16
libpq-8.0.12
postgresql-8.0.12

(In reply to comment #5)
> libpq-7.3.18
> postgresql-7.3.18
> libpq-7.4.16
> postgresql-7.4.16

    >>> Unpacking postgresql-opt-7.3.18.tar.bz2 to /var/tmp/portage/dev-db/libpq-7.3.18/work
     * Applying libpq-7.3.18-gentoo.patch ...
     * Failed Patch: libpq-7.3.18-gentoo.patch !
     * ( /usr/portage/dev-db/libpq/files/libpq-7.3.18-gentoo.patch )

Same occurs with 7.4.16.

The 7.3 and 7.4 problems are because I missed CVS keywords in the libpq patches for those versions. I've committed fixes for libpq-7.3 and 7.4, and I've verified none of the other ebuilds have that problem. Sorry for any confusion.

x86 stable

jep.. seems to work. ppc64 stable

sparc stable.

Stable for HPPA. As a side note, postgresql-7.3.18 failed the horology regression test whilst 7.4.16 did not. I did not test this for 8.0.12 within the scope of this bug.

(In reply to comment #11)
> Stable for HPPA. As a side note, postgresql-7.3.18 failed the horology
> regression test whilst 7.4.16 did not. I did not test this for 8.0.12 within
> the scope of this bug.

Found the source too: compare [1] and [2]. False alarm.

[1] http://www.postgresql.org/docs/7.3/interactive/regress-platform.html
[2] http://www.postgresql.org/docs/7.4/interactive/regress-platform.html

Stable on Alpha + IA64.

ppc stable

Hi amd64, there is something causing trouble?

(In reply to comment #15)
> Hi amd64, there is something causing trouble?

Nothing unusual. Stable on amd64.

voting no

mmm i don't know.... CVE-2007-0556 seems a little severe. tend to vote yes here

another security member with interesting arguments? Otherwise i would say "yes" too.

GLSA request filed.

GLSA 200701-15 sent but apparently, it never hit gentoo-announce@

GLSA 200703-15 seems to have finally reached g-announce. Closing then. Thanks to everybody