[Git][security-tracker-team/security-tracker][master] Add CVE-2018-16850/postgresql

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9292e101 by Salvatore Bonaccorso at 2018-11-08T16:33:06Z
Add CVE-2018-16850/postgresql

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5429,8 +5429,15 @@ CVE-2018-16852
 	RESERVED
 CVE-2018-16851
 	RESERVED
-CVE-2018-16850
-	RESERVED
+CVE-2018-16850 [SQL injection in pg_upgrade and pg_dump, via CREATE TRIGGER ... REFERENCING]
+	RESERVED
+	- postgresql-11 <unfixed>
+	- postgresql-10 <unfixed>
+	- postgresql-9.6 <not-affected> (Only affects 11.x and 10.x)
+	- postgresql-9.4 <not-affected> (Only affects 11.x and 10.x)
+	- postgresql-9.1 <not-affected> (Only affects 11.x and 10.x)
+	NOTE: https://www.postgresql.org/about/news/1905/
+	NOTE: Fixed in 11.1, 10.6
 CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH private ...)
 	- mistral 7.0.0-2 (low; bug #912714)
 	[stretch] - mistral <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9292e10128963c58a9f9b094cc1bbee0cf624b84

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9292e10128963c58a9f9b094cc1bbee0cf624b84
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181108/d835bc8f/attachment-0001.html>