
Bug 308063 (CVE-2010-0442)

Summary: dev-db/postgresql-server: DOS (CVE-2010-0442)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: esigra, pgsql-bugs
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=559259
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 320967    
Bug Blocks:    

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:51:47 UTC
CVE-2010-0442 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0442):
  The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL
  8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause
  a denial of service (daemon crash) or have unspecified other impact
  via vectors involving a negative integer in the third argument, as
  demonstrated by a SELECT statement that contains a call to the
  substring function for a bit string, related to an "overflow."
Comment 1 Patrick Lauer gentoo-dev 2010-06-16 18:57:27 UTC
This should be fixed with the stabilizations requested in #320967
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:37:34 UTC
Thanks for the info, patrick; adding dependency.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-10-25 07:51:13 UTC
This issue was resolved and addressed in
 GLSA 201110-22 at http://security.gentoo.org/glsa/glsa-201110-22.xml
by GLSA coordinator Alex Legler (a3li).