CVE-2014-8161
Published: 6 February 2015
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
Priority
CVSS 3 base score: 4.3
Status
Package | Release | Status |
---|---|---|
postgresql-8.4 Launchpad, Ubuntu, Debian |
lucid |
Released
(8.4.22-0ubuntu0.10.04.1)
|
precise |
Does not exist
(precise was needed)
|
|
trusty |
Does not exist
|
|
upstream |
Ignored
(reached end-of-life)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
postgresql-9.1 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Released
(9.1.15-0ubuntu0.12.04)
|
|
trusty |
Does not exist
(trusty was released [9.1.15-0ubuntu0.14.04])
|
|
upstream |
Released
(9.1.11-2)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
postgresql-9.3 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Released
(9.3.6-0ubuntu0.14.04)
|
|
upstream |
Released
(9.3.6)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
postgresql-9.4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(9.4.1-1)
|
|
utopic |
Released
(9.4.1-0ubuntu0.14.10)
|
|
vivid |
Not vulnerable
(9.4.1-1)
|
|
wily |
Not vulnerable
(9.4.1-1)
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|