PublicDate: 2007-04-24 20:19:00 UTC
Candidate: CVE-2007-2138
References:
 https://ubuntu.com/security/notices/USN-454-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138
Description:
 Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x
 before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before
 8.2.4 allows remote authenticated users, when permitted to call a SECURITY
 DEFINER function, to gain the privileges of the function owner, related to
 "search_path settings."
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:

upstream_postgresql-8.1: needs-triage
dapper_postgresql-8.1: released (8.1.9-0ubuntu0.6.06)
edgy_postgresql-8.1: released (8.1.9-0ubuntu0.6.10)
feisty_postgresql-8.1: needed (reached end-of-life)
gutsy_postgresql-8.1: released (8.1.10-1)
hardy_postgresql-8.1: DNE
devel_postgresql-8.1: DNE

upstream_postgresql-8.2: needs-triage
dapper_postgresql-8.2: DNE
edgy_postgresql-8.2: DNE
feisty_postgresql-8.2: released (8.2.4-0ubuntu0.7.04)
gutsy_postgresql-8.2: released (8.2.5-1)
hardy_postgresql-8.2: released (8.2.5-1)
devel_postgresql-8.2: DNE