PublicDateAtUSN: 2013-04-04
Candidate: CVE-2013-1900
PublicDate: 2013-04-04 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
 http://www.postgresql.org/about/news/1456/
 https://ubuntu.com/security/notices/USN-1789-1
Description:
 PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and
 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random
 numbers, which might allow remote authenticated users to have an
 unspecified impact via vectors related to the "contrib/pgcrypto functions."
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/postgresql-9.1/+bug/1163184
Priority: medium
Discovered-by: Marko Kreen
Assigned-to:
CVSS: 

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.9)
hardy_postgresql-9.1: DNE
lucid_postgresql-9.1: DNE
oneiric_postgresql-9.1: released (9.1.9-0ubuntu11.10)
precise_postgresql-9.1: released (9.1.9-0ubuntu12.04)
quantal_postgresql-9.1: released (9.1.9-0ubuntu12.10)
raring_postgresql-9.1: released (9.1.9-1ubuntu1)
devel_postgresql-9.1: released (9.1.9-1ubuntu1)

Patches_postgresql-8.4:
upstream_postgresql-8.4: released (8.4.17)
hardy_postgresql-8.4: DNE
lucid_postgresql-8.4: released (8.4.17-0ubuntu10.04)
oneiric_postgresql-8.4: ignored (reached end-of-life)
precise_postgresql-8.4: released (8.4.17-0ubuntu12.04)
quantal_postgresql-8.4: DNE
raring_postgresql-8.4: DNE
devel_postgresql-8.4: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: needs-triage
hardy_postgresql-8.3: released (8.3.23-0ubuntu8.04.1)
lucid_postgresql-8.3: DNE
oneiric_postgresql-8.3: DNE
precise_postgresql-8.3: DNE
quantal_postgresql-8.3: DNE
raring_postgresql-8.3: DNE
devel_postgresql-8.3: DNE

Patches_postgresql-8.2:
upstream_postgresql-8.2: needs-triage
hardy_postgresql-8.2: ignored (reached end-of-life)
lucid_postgresql-8.2: DNE
oneiric_postgresql-8.2: DNE
precise_postgresql-8.2: DNE
quantal_postgresql-8.2: DNE
raring_postgresql-8.2: DNE
devel_postgresql-8.2: DNE