CVE-2017-7485 (retired)

Priority
Description
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7,
and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment
variable was no longer enforcing an SSL/TLS connection to a PostgreSQL
server. An active man-in-the-middle attacker could use this flaw to strip
the SSL/TLS protection from a connection between a client and a server.
Notes
Package
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: needed
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: released (9.5.7)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (9.5.7-0ubuntu0.16.04)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: released (9.6.3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (9.6.4-1)
Patches:
Upstream: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
More Information

Updated: 2019-10-09 08:01:36 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)