CVE-2021-20229: A flaw was found in PostgreSQL in versions before 13.2, before 12.6, before 11.11, before 10.16, before 9.6.21 and before 9.5.25. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

The only reference on the CVE is the Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1925296

Please stabilize the fixed versions.

This summary is incorrect. Only versions starting with 13 before 13.2 are affected. Versions 12.x, 11.x, 10.x, 9.6.x, and 9.5.x are unaffected.

This is covered in the official news release by PostgreSQL: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/

*** This bug has been marked as a duplicate of bug 771942 ***

(In reply to Aaron W. Swenson from comment #1)
> This summary is incorrect. Only versions starting with 13 before 13.2 are
> affected. Versions 12.x, 11.x, 10.x, 9.6.x, and 9.5.x are unaffected.
>
> This is covered in the official news release by PostgreSQL:
> https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
>
> *** This bug has been marked as a duplicate of bug 771942 ***

Thanks. I'll tell MITRE. Sorry for missing the other bug.