CVE-2012-0867

Priority
Medium
Description
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
truncates the common name to only 32 characters when verifying SSL
certificates, which allows remote attackers to spoof connections when the
host name is exactly 32 characters.
References
Bugs
Notes
 mdeslaur> 8.3 is not affected
Package
Upstream:released (9.1.3)
Package
Upstream:needs-triage
Package
Upstream:not-affected
Package
Upstream:released (8.4.11)
More Information

Updated: 2018-06-26 04:44:45 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)