Summary: | <dev-db/postgresql-{12.20,13.16,14.13,15.8,16.4}: relation replacement during pg_dump executes arbitrary SQL | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Patrick Lauer <patrick> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | | |
Severity: | blocker | CC: | csfore, pgsql-bugs |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/ | | |
Whiteboard: | A1 [glsa cleanup] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 937572 | | |
Bug Blocks: | | | |

Description
Patrick Lauer
2024-08-08 13:20:56 UTC
Downgrading this to A1 since the attacker must be "able to create and drop non-temporary objects", which as far as I can tell requires some kind of existing access to the database server.