[Git][security-tracker-team/security-tracker][master] Add commit references for CVE-2023-3941{7,8}/postgresql

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 10 20:55:33 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
269a7f30 by Salvatore Bonaccorso at 2023-08-10T21:54:20+02:00
Add commit references for CVE-2023-3941{7,8}/postgresql

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,12 +2,18 @@ CVE-2023-39418 [MERGE fails to enforce UPDATE or SELECT row security policies]
 	- postgresql-15 15.4-1
 	- postgresql-13 <not-affected> (Only affects 15.x)
 	- postgresql-11 <not-affected> (Only affects 15.x)
+	NOTE: https://www.postgresql.org/support/security/CVE-2023-39418/
 	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4)
 CVE-2023-39417 [Extension script @substitutions@ within quoting allow SQL injection]
 	- postgresql-15 15.4-1
 	- postgresql-13 <removed>
 	- postgresql-11 <removed>
+	NOTE: https://www.postgresql.org/support/security/CVE-2023-39417/
 	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=de494ec14f6bd7f2676623a5934723a6c8ba51c2 (REL_15_4)
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b1b585e0fc3dd195bc2e338c80760bede08de5f1 (REL_13_12)
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=919ebb023e74546c6293352556365091c5402366 (REL_11_21)
 CVE-2023-4277 (The Realia plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
 	NOT-FOR-US: Realia plugin for WordPress
 CVE-2023-4276 (The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/269a7f30e232dea6679cf9c9c9eb375540aed48f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/269a7f30e232dea6679cf9c9c9eb375540aed48f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230810/952b6eb3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list