Author: jmm-guest
Date: 2006-06-17 14:44:35 +0000 (Sat, 17 Jun 2006)
New Revision: 4259
Modified:
data/CVE/list
Log:
- remove package entries that needed to adapted for the SQL quoting
issues
- remove <removed> entries for volatile source package names like
postgres-foo not present in a stable release
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-06-17 14:37:32 UTC (rev 4258)
+++ data/CVE/list 2006-06-17 14:44:35 UTC (rev 4259)
@@ -1688,20 +1688,19 @@
{DSA-1087-1}
- postgresql 7.5.4 (medium; bug #368645)
- postgresql-7.4 1:7.4.13-1 (medium)
- - postgresql-8.0 <removed> (medium)
- postgresql-8.1 8.1.4-1 (medium)
- - psycopg 1.1.21-5 (bug #369230)
- - python-pgsql 2.4.0-8 (bug #369250)
- - pygresql 1:3.8-1.1 (bug #369239)
[sarge] - pygresql <not-affected> (Already includes proper quoting)
NOTE: Beginning with version 7.5.4, postgresql is a transition
NOTE: package which does not contain actual code. That''s why
NOTE: it''s marked as fixed here. (Previous versions are vulnerable.)
+ NOTE: The following packages needed to adapted to cope with the new system:
+ NOTE: psycopg 1.1.21-5 (bug #369230)
+ NOTE: python-pgsql 2.4.0-8 (bug #369250)
+ NOTE: pygresql 1:3.8-1.1 (bug #369239)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before
...)
{DSA-1087-1}
- postgresql 7.5.4 (high; bug #368645)
- postgresql-7.4 1:7.4.13-1 (high)
- - postgresql-8.0 <removed> (high)
- postgresql-8.1 8.1.4-1 (high)
NOTE: Beginning with version 7.5.4, postgresql is a transition
NOTE: package which does not contain actual code. That''s why