This repository has been archived by the owner on Apr 15, 2019. It is now read-only.

Bump PostgreSQL version to 10.6 #359

Closed
fchavant opened this issue Nov 15, 2018 · 0 comments
@fchavant

postgresql before versions 11.1, 10.6 is vulnerable to a SQL injection
in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL
statements to run, with superuser privileges.

from https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-16850.html

@fchavant fchavant self-assigned this Nov 15, 2018