PublicDateAtUSN: 2010-02-02
Candidate: CVE-2010-0442
PublicDate: 2010-02-02 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0442
 http://intevydis.blogspot.com/2010/01/postgresql-8023-bitsubstr-overflow.html
 https://ubuntu.com/security/notices/USN-933-1
Description:
 The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23,
 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of
 service (daemon crash) or have unspecified other impact via vectors
 involving a negative integer in the third argument, as demonstrated by a
 SELECT statement that contains a call to the substring function for a bit
 string, related to an "overflow."
Ubuntu-Description:
Notes:
 mdeslaur> this was fixed in the -updates pocket, but not the -security
 mdeslaur> pocket.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567058
 https://bugzilla.redhat.com/show_bug.cgi?id=559259
 https://bugzilla.redhat.com/show_bug.cgi?id=559194
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_postgresql-7.4:
upstream_postgresql-7.4: needs-triage
dapper_postgresql-7.4: ignored (reached end-of-life)
hardy_postgresql-7.4: DNE
intrepid_postgresql-7.4: DNE
jaunty_postgresql-7.4: DNE
karmic_postgresql-7.4: DNE
lucid_postgresql-7.4: DNE
maverick_postgresql-7.4: DNE
natty_postgresql-7.4: DNE
oneiric_postgresql-7.4: DNE
devel_postgresql-7.4: DNE

Patches_postgresql-8.0:
upstream_postgresql-8.0: needs-triage
dapper_postgresql-8.0: ignored (reached end-of-life)
hardy_postgresql-8.0: DNE
intrepid_postgresql-8.0: DNE
jaunty_postgresql-8.0: DNE
karmic_postgresql-8.0: DNE
lucid_postgresql-8.0: DNE
maverick_postgresql-8.0: DNE
natty_postgresql-8.0: DNE
oneiric_postgresql-8.0: DNE
devel_postgresql-8.0: DNE

Patches_postgresql-8.1:
upstream_postgresql-8.1: released (8.1.20)
dapper_postgresql-8.1: released (8.1.20-0ubuntu0.6.06)
hardy_postgresql-8.1: DNE
intrepid_postgresql-8.1: DNE
jaunty_postgresql-8.1: DNE
karmic_postgresql-8.1: DNE
lucid_postgresql-8.1: DNE
maverick_postgresql-8.1: DNE
natty_postgresql-8.1: DNE
oneiric_postgresql-8.1: DNE
devel_postgresql-8.1: DNE

Patches_postgresql-8.2:
upstream_postgresql-8.2: released (8.2.16)
dapper_postgresql-8.2: DNE
hardy_postgresql-8.2: ignored (reached end-of-life)
intrepid_postgresql-8.2: DNE
jaunty_postgresql-8.2: DNE
karmic_postgresql-8.2: DNE
lucid_postgresql-8.2: DNE
maverick_postgresql-8.2: DNE
natty_postgresql-8.2: DNE
oneiric_postgresql-8.2: DNE
devel_postgresql-8.2: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: released (8.3.10)
dapper_postgresql-8.3: DNE
hardy_postgresql-8.3: released (8.3.10-0ubuntu8.04)
intrepid_postgresql-8.3: ignored (reached end-of-life)
jaunty_postgresql-8.3: released (8.3.10-0ubuntu9.04)
karmic_postgresql-8.3: ignored (reached end-of-life)
lucid_postgresql-8.3: DNE
maverick_postgresql-8.3: DNE
natty_postgresql-8.3: DNE
oneiric_postgresql-8.3: DNE
devel_postgresql-8.3: DNE

Patches_postgresql-8.4:
 upstream: http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=75dea10196c31d98d98c0bafeeb576ae99c09b12
 upstream: http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=b15087cb39ca9e4bde3c8920fcee3741045d2b83
upstream_postgresql-8.4: released (8.4.3)
dapper_postgresql-8.4: DNE
hardy_postgresql-8.4: DNE
intrepid_postgresql-8.4: DNE
jaunty_postgresql-8.4: DNE
karmic_postgresql-8.4: released (8.4.3-0ubuntu9.10)
lucid_postgresql-8.4: released (8.4.3-1)
maverick_postgresql-8.4: released (8.4.3-1)
natty_postgresql-8.4: released (8.4.3-1)
oneiric_postgresql-8.4: released (8.4.3-1)
devel_postgresql-8.4: released (8.4.3-1)