Date: Thu, 20 Feb 2025 16:06:37 +0100
From: Palle Girgensohn <girgen@FreeBSD.org>
To: freebsd-security@freebsd.org
Subject: Advice about a revised security fix for databases/postgresql
Message-ID: <4D9D2CD5-38E3-409F-ADFA-BBFF2CBFFDAE@FreeBSD.org>
Hi!
The fix for security issue CVE-2025-1094 for postgresql was revised today. The original fix is described to have this problem:
> The fix for CVE-2025-1094 caused the quoting functions to not honor their string length parameters and, in some cases, cause crashes. This problem could be noticeable from a PostgreSQL client library, based on how it is integrated with libpq.
Should I update the vuxml entry, and in that case how? Like this?
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index b1c5bd34c0b6..c6bfb6b76179 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -177,23 +177,23 @@
<affects>
<package>
<name>postgresql17-client</name>
- <range><lt>17.3</lt></range>
+ <range><lt>17.4</lt></range>
</package>
<package>
<name>postgresql16-client</name>
- <range><lt>16.7</lt></range>
+ <range><lt>16.8</lt></range>
</package>
<package>
<name>postgresql15-client</name>
- <range><lt>15.11</lt></range>
+ <range><lt>15.12</lt></range>
</package>
<package>
<name>postgresql14-client</name>
- <range><lt>14.16</lt></range>
+ <range><lt>14.17</lt></range>
</package>
<package>
<name>postgresql13-client</name>
- <range><lt>13.19</lt></range>
+ <range><lt>13.20</lt></range>
</package>
</affects>
<description>
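Review bot: Raising every `<lt>` bound by one minor release (17.3 to 17.4, 16.7 to 16.8, and so on) folds a second, distinct problem into the CVE-2025-1094 entry: the quoted advisory describes a regression introduced by the first fix (quoting functions ignoring their length parameters and, in some cases, crashing), which is not the same issue as the original vulnerability. Either keep this entry at the original fixed versions and add a separate entry for the regression, or, if the range is bumped here, update the entry's `<dates>` block with a `<modified>` date in the same change so the revision is recorded; the hunk as shown touches only the ranges.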
@@ -216,6 +216,9 @@
Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and
13.19 are affected.
</p>
+ <p>
+ The fix was updated a week after the initial release.
+ </p>
</blockquote>
</body>
</description>
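Review bot: The added paragraph ("The fix was updated a week after the initial release.") leaves the description internally inconsistent with the `<affects>` ranges: the unchanged context two lines above still says "Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected," while the ranges now flag anything below 17.4, 16.8, 15.12, 14.17 and 13.20. Say what the revision fixes and which releases carry it, for example: "The initial fix caused the quoting functions to not honor their string length parameters and could cause crashes; this is corrected in PostgreSQL 17.4, 16.8, 15.12, 14.17, and 13.20." That also gives a port user a concrete reason to upgrade past the first fixed version.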
Best regards,
Palle