[Git][security-tracker-team/security-tracker][master] new postgresql issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Aug 10 19:01:34 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e92b6791 by Moritz Muehlenhoff at 2023-08-10T20:01:05+02:00
new postgresql issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies]
+ - postgresql-15 15.4-1
+ - postgresql-13 <not-affected> (Only affects 15.x)
+ - postgresql-11 <not-affected> (Only affects 15.x)
+ NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
+CVE-2023-39417 [Extension script @substitutions@ within quoting allow SQL injection]
+ - postgresql-15 15.4-1
+ - postgresql-13 <removed>
+ - postgresql-11 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
CVE-2023-4277 (The Realia plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
NOT-FOR-US: Realia plugin for WordPress
CVE-2023-4276 (The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e92b67912c662cd133b129388bffa40f07372171
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e92b67912c662cd133b129388bffa40f07372171
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230810/6009d8d2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list