[Git][security-tracker-team/security-tracker][master] Add fixing commits for postgresql/CVE-2024-1097[6789]
Roberto C. Sánchez (@roberto)
roberto at debian.org
Mon Nov 18 14:23:08 GMT 2024
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a99ef92 by Roberto C. Sánchez at 2024-11-18T09:22:33-05:00
Add fixing commits for postgresql/CVE-2024-1097[6789]
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -804,6 +804,24 @@ CVE-2024-10979 (Incorrect control of environment variables in PostgreSQL PL/Perl
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10979/
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3ebcfa54db3309651d8f1d3be6451a8449f6c6ec (v17.2, 1 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4cd4f3b97492c1b38115d0563a2e55b136eb542a (v17.2, 2 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=8d19f3fea003b1f744516b84cbdb0097ae7b2912 (v17.2, 3 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=8fe3e697a1a83a722b107c7cb9c31084e1f4d077 (v16.6, 1 of 4)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=88269df4da032bb1536d4291a13f3af4e1e599ba (v16.6, 2 of 4)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=168579e23bdbeda1a140440c0272b335d53ad061 (v16.6, 3 of 4)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=64df8870097aa286363a5d81462802783abbfa61 (v16.6, 4 of 4)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e530835c6cc5b2dbf330ebe6b0a7fb9f19f5a54c (v15.10, 1 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=c834b375a6dc36ff92f9f738ef1d7af09d91165f (v15.10, 2 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d15ec27c977100037ae513ab7fe1a214bfc2507b (v14.15, 1 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=f89bd92c963c3be30a1cf26960aa86aaad117235 (v14.15, 2 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=256e34653aadd3582b98411d7d26f4fbb865e0ec (v14.15, 3 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e428cd058f0bebb5782b0c263565b0ad088e9650 (v13.18, 1 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6bccd7b037d09b91ce272c68f43705e2fecd4cca (v13.18, 2 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0bd9560d964abc09e446e4c5e264bb7a0886e5ea (v13.18, 3 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2ab12d860e51e468703a2777b3759b7a61639df2 (v12.21, 1 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b1e58defb6a43fe35511eaa80858293b07c8b512 (v12.21, 2 of 3)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=9fc1c3a02ddc4cf2a34550c0f985288cea7094bd (v12.21, 3 of 3)
CVE-2024-10978 (Incorrect privilege assignment in PostgreSQL allows a less-privileged ...)
{DSA-5812-1 DLA-3954-1}
- postgresql-17 17.1-1
@@ -811,6 +829,24 @@ CVE-2024-10978 (Incorrect privilege assignment in PostgreSQL allows a less-privi
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10978/
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cd82afdda5e9d3269706a142e9093ba83f484185 (v17.2, 1 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=f4f5d27d87247da1ec7e5a6e7990a22ffba9f63a (v17.2, 2 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=1c05004a895308da10ec000ba6b92f72f4f5b8e2 (v17.2, regression fix)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ae340d0318521ae7234ed3b7221a1f65f39a52c0 (v16.6, 1 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=95f5a523729f6814c8757860d9a2264148b7b0df (v16.6, 2 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b0918c1286d316f6ffa93995452270afd4fc4335 (v16.6, regression fix)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a5d2e6205f716c79ecfb15eb1aae75bae3f8daa9 (v15.10, 1 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=109a323807d752f66699a9ce0762244f536e784f (v15.10, 2 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=edf80895f6bda824403f843df91cbc83890e4b6c (v15.10, regression fix)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2a68808e241bf667ff72c31ea9d0c4eb0b893982 (v14.15, 1 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=00b94e8e2f99a8ed1d7f854838234ce37f582da0 (v14.15, 2 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=be062bfa54d780c07a3b36c4123da2c960c8e97d (v14.15, regression fix)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=76123ded6e9b3624e380ac326645bd026aacd2f5 (v13.18, 1 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=dc7378793add3c3d9a40ec2118d92bd719acab97 (v13.18, 2 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=07c6e0f613612ff060572a085c1c24aa44c8b2bb (v13.18, regression fix)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4c9d96f74ba4e7d01c086ca54f217e242dd65fae (v12.21, 1 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0edad8654848affe0786c798aea9e1a43dde54bc (v12.21, 2 of 2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=c463338656ac47e5210fcf9fbf7d20efccce8de8 (v12.21, regression fix)
CVE-2024-10977 (Client use of server error message in PostgreSQL allows a server not t ...)
{DSA-5812-1 DLA-3954-1}
- postgresql-17 17.1-1
@@ -818,6 +854,12 @@ CVE-2024-10977 (Client use of server error message in PostgreSQL allows a server
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10977/
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a5cc4c66719be2ae1eebe92ad97727dc905bbc6d (v17.2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=67d28bd02ec06f5056754bc295f57d2dd2bbd749 (v16.6)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d2c3e31c13a6820980c2c6019f0b8f9f0b63ae6e (v15.10)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e6c9454764d880ee30735aa8c1e05d3674722ff9 (v14.15)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7b49707b72612ef068ce9275b9b6da104f1960f3 (v13.18)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2a951ef0aace58026c31b9a88aeeda19c9af4205 (v12.21)
CVE-2024-10976 (Incomplete tracking in PostgreSQL of tables with row security allows a ...)
{DSA-5812-1 DLA-3954-1}
- postgresql-17 17.1-1
@@ -825,6 +867,12 @@ CVE-2024-10976 (Incomplete tracking in PostgreSQL of tables with row security al
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/support/security/CVE-2024-10976/
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=edcda9bb4c4500b75bb4a16c7c59834398ca2906 (v17.2)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=562289460e118fcad44ec916dcdab21e4763c38c (v16.6)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6db5ea8de8ce15897b706009aaf701d23bd65b23 (v15.10)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4e51030af9e0a12d7fa06b73acd0c85024f81062 (v14.15)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=952ff31e2a89e8ca79ecb12d61fddbeac3d89176 (v13.18)
+ NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=448525e8a44080b6048e24f6942284b7eeae1a5c (v12.21)
CVE-2024-9186 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5083 (A storedCross-site Scripting vulnerability has been discovered in Sona ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a99ef92abdcfcaae07a9045b7fad5aba6fff1cc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a99ef92abdcfcaae07a9045b7fad5aba6fff1cc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241118/091c5954/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list