PublicDate: 2007-02-06 01:28:00 UTC
Candidate: CVE-2007-0556
References:
 https://ubuntu.com/security/notices/USN-417-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
Description:
 The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2
 before 8.2.2 does not verify that a table is compatible with a "previously
 made query plan," which allows remote authenticated users to cause a denial
 of service (server crash) and possibly access database content via an
 "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary
 memory from the server.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_postgresql-8.1: released (8.1.9-0ubuntu0.6.06)
edgy_postgresql-8.1: released (8.1.9-0ubuntu0.6.10)
feisty_postgresql-8.1: released (8.1.8-1ubuntu3)
devel_postgresql-8.1: released (8.1.8-1ubuntu3)
dapper_postgresql-8.2: DNE
edgy_postgresql-8.2: DNE
feisty_postgresql-8.2: released (8.2.4-0ubuntu0.7.04)
devel_postgresql-8.2: released (8.2.5-1)
upstream_postgresql-8.1: needs-triage
upstream_postgresql-8.2: needs-triage