Summary: | <dev-db/postgresql-{11.4,10.9}: Stack-based buffer overflow via setting a password (CVE-2019-10164) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aaron W. Swenson <titanofold> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | pgsql-bugs |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.postgresql.org/about/news/1949/ | ||
Whiteboard: | B1 [glsa+ cve] | ||
Package list: |
dev-db/postgresql-11.4 alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86
dev-db/postgresql-10.9 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
|
Runtime testing required: | No |
Description
Aaron W. Swenson
2019-06-21 00:18:29 UTC
ia64 stable ppc stable ppc64 stable sparc stable amd64 stable x86 stable alpha stable arm64 stable arm stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fa4501da1e923eaac0bb9af33e5ea979f539263 commit 4fa4501da1e923eaac0bb9af33e5ea979f539263 Author: Aaron W. Swenson <titanofold@gentoo.org> AuthorDate: 2019-07-29 10:31:28 +0000 Commit: Aaron W. Swenson <titanofold@gentoo.org> CommitDate: 2019-07-29 10:31:45 +0000 dev-db/postgresql: Cleanup insecure Bug: https://bugs.gentoo.org/688420 Package-Manager: Portage-2.3.66, Repoman-2.3.11 Signed-off-by: Aaron W. Swenson <titanofold@gentoo.org> dev-db/postgresql/Manifest | 2 - dev-db/postgresql/postgresql-10.8-r1.ebuild | 466 --------------------------- dev-db/postgresql/postgresql-10.8.ebuild | 460 --------------------------- dev-db/postgresql/postgresql-11.3-r1.ebuild | 468 ---------------------------- dev-db/postgresql/postgresql-11.3.ebuild | 460 --------------------------- 5 files changed, 1856 deletions(-) New GLSA request filed. This issue was resolved and addressed in GLSA 202003-03 at https://security.gentoo.org/glsa/202003-03 by GLSA coordinator Thomas Deutschmann (whissi). |