CVE-2007-2138
Published: 24 April 2007
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Priority
Status
Package | Release | Status |
---|---|---|
postgresql-8.1 Launchpad, Ubuntu, Debian |
dapper |
Released
(8.1.9-0ubuntu0.6.06)
|
edgy |
Released
(8.1.9-0ubuntu0.6.10)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(8.1.10-1)
|
|
hardy |
Does not exist
|
|
upstream |
Needs triage
|
|
postgresql-8.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Released
(8.2.4-0ubuntu0.7.04)
|
|
gutsy |
Released
(8.2.5-1)
|
|
hardy |
Released
(8.2.5-1)
|
|
upstream |
Needs triage
|