Release notes say:

A modified server, or an unauthenticated man-in-the-middle, can send a not-zero-terminated error message during setup of GSSAPI (Kerberos) transport encryption. libpq will then copy that string, as well as following bytes in application memory up to the next zero byte, to its error report. Depending on what the calling application does with the error report, this could result in disclosure of application memory contents. There is also a small probability of a crash due to reading beyond the end of memory. Fix by properly zero-terminating the server message. (CVE-2022-41862)

Affected versions: <dev-db-postgresql-{11.19,12.14,13.10,14.7,15.2} (in their respective slots)

Stabilization requested in #903191
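An added illustration of the bug class the release notes describe, not libpq code and not part of the original report: a length-delimited message with no terminator is formatted as a C string, then handled again with an explicit terminator. The buffer contents, sizes and function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed receive buffer: a 12-byte error text with no trailing NUL,
 * directly followed by unrelated application data (hypothetical layout). */
#define MSG_LEN 12
#define MSG_MAX 32
static const char recv_buf[64] = "auth failed!" "SECRET-TOKEN";

/* Flawed pattern: the payload is treated as a C string, so formatting runs
 * past msg_len and stops only at the next zero byte. */
int report_unterminated(const char *buf, size_t msg_len, char *out, size_t out_sz)
{
    (void) msg_len;                       /* length from the wire is ignored */
    snprintf(out, out_sz, "server error: %s", buf);
    return 0;
}

/* Corrected pattern: copy exactly msg_len bytes and add the terminator
 * before the text is used as a string. */
int report_terminated(const char *buf, size_t msg_len, char *out, size_t out_sz)
{
    char msg[MSG_MAX + 1];

    if (msg_len > MSG_MAX)
        return -1;                        /* oversized message: reject */
    memcpy(msg, buf, msg_len);
    msg[msg_len] = '\0';
    snprintf(out, out_sz, "server error: %s", msg);
    return 0;
}

int main(void)
{
    char out[128];

    report_unterminated(recv_buf, MSG_LEN, out, sizeof out);
    printf("unterminated: %s\n", out);
    report_terminated(recv_buf, MSG_LEN, out, sizeof out);
    printf("terminated:   %s\n", out);
    return 0;
}
```

In the constructed buffer the over-read stays inside one array and stops at its zero padding; in a real process the bytes that follow are whatever the allocator placed there, which is why the release notes mention both disclosure and a possible crash.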
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=696842817115e2e1b327a70ef4b538dea4a56278

commit 696842817115e2e1b327a70ef4b538dea4a56278
Author:     Patrick Lauer <patrick@gentoo.org>
AuthorDate: 2023-03-30 16:43:33 +0000
Commit:     Patrick Lauer <patrick@gentoo.org>
CommitDate: 2023-03-30 16:44:02 +0000

    dev-db/postgresql: drop versions

    Bug: https://bugs.gentoo.org/903193
    Signed-off-by: Patrick Lauer <patrick@gentoo.org>

 dev-db/postgresql/Manifest                | 11 -
 dev-db/postgresql/postgresql-10.22.ebuild | 453 -----------------------------
 dev-db/postgresql/postgresql-11.17.ebuild | 453 -----------------------------
 dev-db/postgresql/postgresql-11.18.ebuild | 453 -----------------------------
 dev-db/postgresql/postgresql-12.12.ebuild | 453 -----------------------------
 dev-db/postgresql/postgresql-12.13.ebuild | 453 -----------------------------
 dev-db/postgresql/postgresql-13.8.ebuild  | 465 -----------------------------
 dev-db/postgresql/postgresql-13.9.ebuild  | 465 -----------------------------
 dev-db/postgresql/postgresql-14.5.ebuild  | 465 -----------------------------
 dev-db/postgresql/postgresql-14.6.ebuild  | 465 -----------------------------
 dev-db/postgresql/postgresql-15.0.ebuild  | 467 ------------------------------
 dev-db/postgresql/postgresql-15.1.ebuild  | 467 ------------------------------
 12 files changed, 5070 deletions(-)
Thanks!