CVE-2024-1097[6789]

@roberto Mon, 18 Nov 2024 06:32:55 -0800


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9a99ef92 by Roberto C. Sánchez at 2024-11-18T09:22:33-05:00
Add fixing commits for postgresql/CVE-2024-1097[6789]

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -804,6 +804,24 @@ CVE-2024-10979 (Incorrect control of environment variables 
in PostgreSQL PL/Perl
        - postgresql-15 <removed>
        - postgresql-13 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2024-10979/
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3ebcfa54db3309651d8f1d3be6451a8449f6c6ec
 (v17.2, 1 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4cd4f3b97492c1b38115d0563a2e55b136eb542a
 (v17.2, 2 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=8d19f3fea003b1f744516b84cbdb0097ae7b2912
 (v17.2, 3 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=8fe3e697a1a83a722b107c7cb9c31084e1f4d077
 (v16.6, 1 of 4)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=88269df4da032bb1536d4291a13f3af4e1e599ba
 (v16.6, 2 of 4)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=168579e23bdbeda1a140440c0272b335d53ad061
 (v16.6, 3 of 4)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=64df8870097aa286363a5d81462802783abbfa61
 (v16.6, 4 of 4)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e530835c6cc5b2dbf330ebe6b0a7fb9f19f5a54c
 (v15.10, 1 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=c834b375a6dc36ff92f9f738ef1d7af09d91165f
 (v15.10, 2 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d15ec27c977100037ae513ab7fe1a214bfc2507b
 (v14.15, 1 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=f89bd92c963c3be30a1cf26960aa86aaad117235
 (v14.15, 2 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=256e34653aadd3582b98411d7d26f4fbb865e0ec
 (v14.15, 3 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e428cd058f0bebb5782b0c263565b0ad088e9650
 (v13.18, 1 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6bccd7b037d09b91ce272c68f43705e2fecd4cca
 (v13.18, 2 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0bd9560d964abc09e446e4c5e264bb7a0886e5ea
 (v13.18, 3 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2ab12d860e51e468703a2777b3759b7a61639df2
 (v12.21, 1 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b1e58defb6a43fe35511eaa80858293b07c8b512
 (v12.21, 2 of 3)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=9fc1c3a02ddc4cf2a34550c0f985288cea7094bd
 (v12.21, 3 of 3)
 CVE-2024-10978 (Incorrect privilege assignment in PostgreSQL allows a 
less-privileged  ...)
        {DSA-5812-1 DLA-3954-1}
        - postgresql-17 17.1-1
@@ -811,6 +829,24 @@ CVE-2024-10978 (Incorrect privilege assignment in 
PostgreSQL allows a less-privi
        - postgresql-15 <removed>
        - postgresql-13 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2024-10978/
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cd82afdda5e9d3269706a142e9093ba83f484185
 (v17.2, 1 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=f4f5d27d87247da1ec7e5a6e7990a22ffba9f63a
 (v17.2, 2 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=1c05004a895308da10ec000ba6b92f72f4f5b8e2
 (v17.2, regression fix)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ae340d0318521ae7234ed3b7221a1f65f39a52c0
 (v16.6, 1 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=95f5a523729f6814c8757860d9a2264148b7b0df
 (v16.6, 2 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b0918c1286d316f6ffa93995452270afd4fc4335
 (v16.6, regression fix)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a5d2e6205f716c79ecfb15eb1aae75bae3f8daa9
 (v15.10, 1 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=109a323807d752f66699a9ce0762244f536e784f
 (v15.10, 2 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=edf80895f6bda824403f843df91cbc83890e4b6c
 (v15.10, regression fix)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2a68808e241bf667ff72c31ea9d0c4eb0b893982
 (v14.15, 1 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=00b94e8e2f99a8ed1d7f854838234ce37f582da0
 (v14.15, 2 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=be062bfa54d780c07a3b36c4123da2c960c8e97d
 (v14.15, regression fix)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=76123ded6e9b3624e380ac326645bd026aacd2f5
 (v13.18, 1 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=dc7378793add3c3d9a40ec2118d92bd719acab97
 (v13.18, 2 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=07c6e0f613612ff060572a085c1c24aa44c8b2bb
 (v13.18, regression fix)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4c9d96f74ba4e7d01c086ca54f217e242dd65fae
 (v12.21, 1 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0edad8654848affe0786c798aea9e1a43dde54bc
 (v12.21, 2 of 2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=c463338656ac47e5210fcf9fbf7d20efccce8de8
 (v12.21, regression fix)
 CVE-2024-10977 (Client use of server error message in PostgreSQL allows a 
server not t ...)
        {DSA-5812-1 DLA-3954-1}
        - postgresql-17 17.1-1
@@ -818,6 +854,12 @@ CVE-2024-10977 (Client use of server error message in 
PostgreSQL allows a server
        - postgresql-15 <removed>
        - postgresql-13 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2024-10977/
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a5cc4c66719be2ae1eebe92ad97727dc905bbc6d
 (v17.2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=67d28bd02ec06f5056754bc295f57d2dd2bbd749
 (v16.6)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d2c3e31c13a6820980c2c6019f0b8f9f0b63ae6e
 (v15.10)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e6c9454764d880ee30735aa8c1e05d3674722ff9
 (v14.15)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7b49707b72612ef068ce9275b9b6da104f1960f3
 (v13.18)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2a951ef0aace58026c31b9a88aeeda19c9af4205
 (v12.21)
 CVE-2024-10976 (Incomplete tracking in PostgreSQL of tables with row security 
allows a ...)
        {DSA-5812-1 DLA-3954-1}
        - postgresql-17 17.1-1
@@ -825,6 +867,12 @@ CVE-2024-10976 (Incomplete tracking in PostgreSQL of 
tables with row security al
        - postgresql-15 <removed>
        - postgresql-13 <removed>
        NOTE: https://www.postgresql.org/support/security/CVE-2024-10976/
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=edcda9bb4c4500b75bb4a16c7c59834398ca2906
 (v17.2)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=562289460e118fcad44ec916dcdab21e4763c38c
 (v16.6)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=6db5ea8de8ce15897b706009aaf701d23bd65b23
 (v15.10)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4e51030af9e0a12d7fa06b73acd0c85024f81062
 (v14.15)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=952ff31e2a89e8ca79ecb12d61fddbeac3d89176
 (v13.18)
+       NOTE: Fixed by: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=448525e8a44080b6048e24f6942284b7eeae1a5c
 (v12.21)
 CVE-2024-9186 (The Recover WooCommerce Cart Abandonment, Newsletter, Email 
Marketing, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5083 (A storedCross-site Scripting vulnerability has been discovered 
in Sona ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a99ef92abdcfcaae07a9045b7fad5aba6fff1cc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a99ef92abdcfcaae07a9045b7fad5aba6fff1cc
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add fixing commits for postgresql/CVE-2024-1097[6789]

Reply via email to