CVE-2007-6600
Published: 9 January 2008
PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges.
Priority
Status
Package | Release | Status |
---|---|---|
postgresql-8.1
Launchpad, Ubuntu, Debian |
dapper |
Released
(8.1.11-0ubuntu0.6.06.1)
|
edgy |
Released
(8.1.11-0ubuntu0.6.10.1)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
postgresql-8.2
Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Released
(8.2.6-0ubuntu0.7.04.1)
|
|
gutsy |
Released
(8.2.6-0ubuntu0.7.10.1)
|
|
hardy |
Released
(8.2.6-1)
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|