Date: Sun, 29 Mar 2020 19:50:00 +0000 (UTC) From: Palle Girgensohn <girgen@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r529829 - head/security/vuxml Message-ID: <202003291950.02TJo0rZ067162@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: girgen Date: Sun Mar 29 19:50:00 2020 New Revision: 529829 URL: https://svnweb.freebsd.org/changeset/ports/529829 Log: Fix validation error Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Mar 29 19:46:16 2020 (r529828) +++ head/security/vuxml/vuln.xml Sun Mar 29 19:50:00 2020 (r529829) @@ -86,13 +86,13 @@ Notes: Versions Affected: 9.6 - 12 </p> <p> - The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform - authorization checks, which can allow an unprivileged user to drop - any function, procedure, materialized view, index, or trigger under - certain conditions. This attack is possible if an administrator has - installed an extension and an unprivileged user can CREATE, or an - extension owner either executes DROP EXTENSION predictably or can be - convinced to execute DROP EXTENSION. + The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform + authorization checks, which can allow an unprivileged user to drop + any function, procedure, materialized view, index, or trigger under + certain conditions. This attack is possible if an administrator has + installed an extension and an unprivileged user can CREATE, or an + extension owner either executes DROP EXTENSION predictably or can be + convinced to execute DROP EXTENSION. </p> </blockquote> </body>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003291950.02TJo0rZ067162>