CVE-2012-0867

Priority
Description
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
truncates the common name to only 32 characters when verifying SSL
certificates, which allows remote attackers to spoof connections when the
host name is exactly 32 characters.
Notes
 mdeslaur> 8.3 is not affected
Package
Upstream:needs-triage
Package
Upstream:not-affected
Package
Upstream:released (8.4.11)
Package
Upstream:released (9.1.3)
More Information

Updated: 2019-01-14 22:01:50 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)