Source: pgagent Version: 4.2.2-4 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 4.2.2-2
Hi, The following vulnerability was published for pgagent. CVE-2025-0218[0]: | When batch jobs are executed by pgAgent, a script is created in a | temporary directory and then executed. In versions of pgAgent prior | to 4.2.3, an insufficiently seeded random number generator is used | when generating the directory name, leading to the possibility for a | local attacker to pre-create the directory and thus prevent pgAgent | from executing jobs, disrupting scheduled tasks. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-0218 https://www.cve.org/CVERecord?id=CVE-2025-0218 [1] https://github.com/pgadmin-org/pgagent/commit/5b10c3d435d3f92ccc2f05b69ff10516ef3154e0 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
