PublicDateAtUSN: 2012-02-28
Candidate: CVE-2012-0866
PublicDate: 2012-07-18 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866
 http://www.postgresql.org/support/security/
 https://ubuntu.com/security/notices/USN-1378-1
Description:
 CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/941912
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.3)
hardy_postgresql-9.1: DNE
lucid_postgresql-9.1: DNE
maverick_postgresql-9.1: DNE
natty_postgresql-9.1: DNE
oneiric_postgresql-9.1: released (9.1.3-0ubuntu0.11.10)
precise_postgresql-9.1: released (9.1.3-1)
quantal_postgresql-9.1: released (9.1.3-1)
raring_postgresql-9.1: released (9.1.3-1)
devel_postgresql-9.1: released (9.1.3-1)

Patches_postgresql-8.4:
upstream_postgresql-8.4: released (8.4.11)
hardy_postgresql-8.4: DNE
lucid_postgresql-8.4: released (8.4.11-0ubuntu0.10.04)
maverick_postgresql-8.4: released (8.4.11-0ubuntu0.10.10)
natty_postgresql-8.4: released (8.4.11-0ubuntu0.11.04)
oneiric_postgresql-8.4: ignored (reached end-of-life)
precise_postgresql-8.4: not-affected (8.4.11-1)
quantal_postgresql-8.4: DNE
raring_postgresql-8.4: DNE
devel_postgresql-8.4: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: released (8.3.18)
hardy_postgresql-8.3: released (8.3.18-0ubuntu0.8.04)
lucid_postgresql-8.3: DNE
maverick_postgresql-8.3: DNE
natty_postgresql-8.3: DNE
oneiric_postgresql-8.3: DNE
precise_postgresql-8.3: DNE
quantal_postgresql-8.3: DNE
raring_postgresql-8.3: DNE
devel_postgresql-8.3: DNE

Patches_postgresql-8.2:
upstream_postgresql-8.2: needs-triage
hardy_postgresql-8.2: ignored (reached end-of-life)
lucid_postgresql-8.2: DNE
maverick_postgresql-8.2: DNE
natty_postgresql-8.2: DNE
oneiric_postgresql-8.2: DNE
precise_postgresql-8.2: DNE
quantal_postgresql-8.2: DNE
raring_postgresql-8.2: DNE
devel_postgresql-8.2: DNE