git: 7cc11a5f1ca5 - main - security/vuxml: postgresql??-server vuln CVE-2021-3677
Palle Girgensohn
girgen at FreeBSD.org
Thu Aug 12 16:23:35 UTC 2021
The branch main has been updated by girgen:
URL: https://cgit.FreeBSD.org/ports/commit/?id=7cc11a5f1ca54e8809a8f4dae5f91295bae56fbf
commit 7cc11a5f1ca54e8809a8f4dae5f91295bae56fbf
Author: Palle Girgensohn <girgen at FreeBSD.org>
AuthorDate: 2021-08-12 16:21:16 +0000
Commit: Palle Girgensohn <girgen at FreeBSD.org>
CommitDate: 2021-08-12 16:22:50 +0000
security/vuxml: postgresql??-server vuln CVE-2021-3677
---
security/vuxml/vuln-2021.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 3af335748564..6cba3b72e130 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,46 @@
+ <vuln vid="b471130b-fb86-11eb-87db-6cc21735f730">
+ <topic>PostgreSQL server -- Memory disclosure in certain queries</topic>
+ <affects>
+ <package>
+ <name>postgresql13-server</name>
+ <range><lt>13.4</lt></range>
+ </package>
+ <package>
+ <name>postgresql12-server</name>
+ <range><lt>12.8</lt></range>
+ </package>
+ <package>
+ <name>postgresql11-server</name>
+ <range><lt>11.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PostgreSQL Project reports:</p>
+ <blockquote cite="https://www.postgresql.org/support/security/CVE-2021-3677/">
+ <p>
+ A purpose-crafted query can read arbitrary bytes of
+ server memory. In the default configuration, any
+ authenticated database user can complete this attack at
+ will. The attack does not require the ability to create
+ objects. If server settings include
+ max_worker_processes=0, the known versions of this
+ attack are infeasible. However, undiscovered variants of
+ the attack may be independent of that setting.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2021-3677</cvename>
+ <url>https://www.postgresql.org/support/security/CVE-2021-3677/</url>
+ </references>
+ <dates>
+ <discovery>2021-08-12</discovery>
+ <entry>2021-08-12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e80073d7-f8ba-11eb-b141-589cfc007716">
<topic>xtrlock -- xtrlock does not block multitouch events</topic>
<affects>
More information about the dev-commits-ports-all
mailing list