Your submission was sent successfully! Close

CVE-2007-6600

Published: 9 January 2008

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.

Priority

Unknown

Status

Package Release Status
postgresql-8.1
Launchpad, Ubuntu, Debian
dapper
Released (8.1.11-0ubuntu0.6.06.1)
edgy
Released (8.1.11-0ubuntu0.6.10.1)
feisty Needed
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

upstream Needs triage

postgresql-8.2
Launchpad, Ubuntu, Debian
dapper Does not exist

edgy Does not exist

feisty
Released (8.2.6-0ubuntu0.7.04.1)
gutsy
Released (8.2.6-0ubuntu0.7.10.1)
hardy
Released (8.2.6-1)
intrepid Does not exist

upstream Needs triage