PublicDateAtUSN: 2012-02-28
Candidate: CVE-2012-0868
PublicDate: 2012-07-18 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0868
 http://www.postgresql.org/support/security/
 https://ubuntu.com/security/notices/USN-1378-1
Description:
 CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18,
 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows
 user-assisted remote attackers to execute arbitrary SQL commands via a
 crafted file containing object names with newlines, which are inserted
 into an SQL script that is used when the database is restored.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/941912
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.3)
hardy_postgresql-9.1: DNE
lucid_postgresql-9.1: DNE
maverick_postgresql-9.1: DNE
natty_postgresql-9.1: DNE
oneiric_postgresql-9.1: released (9.1.3-0ubuntu0.11.10)
precise_postgresql-9.1: released (9.1.3-1)
quantal_postgresql-9.1: released (9.1.3-1)
raring_postgresql-9.1: released (9.1.3-1)
devel_postgresql-9.1: released (9.1.3-1)

Patches_postgresql-8.4:
upstream_postgresql-8.4: released (8.4.11)
hardy_postgresql-8.4: DNE
lucid_postgresql-8.4: released (8.4.11-0ubuntu0.10.04)
maverick_postgresql-8.4: released (8.4.11-0ubuntu0.10.10)
natty_postgresql-8.4: released (8.4.11-0ubuntu0.11.04)
oneiric_postgresql-8.4: ignored (reached end-of-life)
precise_postgresql-8.4: not-affected (8.4.11-1)
quantal_postgresql-8.4: DNE
raring_postgresql-8.4: DNE
devel_postgresql-8.4: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: released (8.3.18)
hardy_postgresql-8.3: released (8.3.18-0ubuntu0.8.04)
lucid_postgresql-8.3: DNE
maverick_postgresql-8.3: DNE
natty_postgresql-8.3: DNE
oneiric_postgresql-8.3: DNE
precise_postgresql-8.3: DNE
quantal_postgresql-8.3: DNE
raring_postgresql-8.3: DNE
devel_postgresql-8.3: DNE

Patches_postgresql-8.2:
upstream_postgresql-8.2: needs-triage
hardy_postgresql-8.2: ignored (reached end-of-life)
lucid_postgresql-8.2: DNE
maverick_postgresql-8.2: DNE
natty_postgresql-8.2: DNE
oneiric_postgresql-8.2: DNE
precise_postgresql-8.2: DNE
quantal_postgresql-8.2: DNE
raring_postgresql-8.2: DNE
devel_postgresql-8.2: DNE