[Git][security-tracker-team/security-tracker][master] new postgresql issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 10 19:01:34 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e92b6791 by Moritz Muehlenhoff at 2023-08-10T20:01:05+02:00
new postgresql issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies]
+	- postgresql-15 15.4-1
+	- postgresql-13 <not-affected> (Only affects 15.x)
+	- postgresql-11 <not-affected> (Only affects 15.x)
+	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
+CVE-2023-39417 [Extension script @substitutions@ within quoting allow SQL injection]
+	- postgresql-15 15.4-1
+	- postgresql-13 <removed>
+	- postgresql-11 <removed>
+	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
 CVE-2023-4277 (The Realia plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
 	NOT-FOR-US: Realia plugin for WordPress
 CVE-2023-4276 (The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e92b67912c662cd133b129388bffa40f07372171

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e92b67912c662cd133b129388bffa40f07372171
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230810/6009d8d2/attachment.htm>


More information about the debian-security-tracker-commits mailing list