Back to bug 2165722
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2023-01-30 20:54:18 UTC | CC | security-response-team | |
| Pedro Sampaio | 2023-01-30 20:55:03 UTC | Fixed In Version | postgresql 5.2, 14.7, 13.10, 12.14, and 11.19 | postgresql 5.2, postgresql 14.7, postgresql 13.10, postgresql 12.14, postgresql 11.19 |
| Pedro Sampaio | 2023-01-30 20:56:48 UTC | Blocks | 2165723 | |
| Pedro Sampaio | 2023-01-30 21:00:19 UTC | Blocks | 2165725 | |
| Dhananjay Arunesh | 2023-01-31 11:07:29 UTC | Depends On | 2165882, 2165884, 2165883 | |
| Dhananjay Arunesh | 2023-02-15 15:04:51 UTC | Summary | EMBARGOED CVE-2022-41862 postgresql: Client memory disclosure when connecting with Kerberos to modified server | CVE-2022-41862 postgresql: Client memory disclosure when connecting with Kerberos to modified server |
| | | Group | qe_staff, security | |
| | | Deadline | 2023-02-09 | |
| | | CC | databases-maint, hbraun | |
| Dhananjay Arunesh | 2023-02-15 15:06:57 UTC | Depends On | 2170071 | |
| Zuzana Miklankova | 2023-02-15 15:09:21 UTC | Flags | needinfo?(psampaio) | |
| Dhananjay Arunesh | 2023-02-20 07:35:43 UTC | Depends On | 2171370, 2171368, 2171366, 2171367, 2171365, 2171369 | |
| Pedro Sampaio | 2023-02-27 18:03:00 UTC | Flags | needinfo?(psampaio) | |
| RHEL Program Management Team | 2023-02-28 16:12:14 UTC | Depends On | 2173998 | |
| RHEL Program Management Team | 2023-03-01 09:16:55 UTC | Depends On | 2174356 | |
| Kazu Yoshida | 2023-03-02 03:45:02 UTC | CC | kyoshida | |
| Pedro Sampaio | 2023-03-02 11:49:49 UTC | Doc Text | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. This issue may have a low impact to confidentiality. | |
| RaTasha Tillery-Smith | 2023-03-02 12:48:20 UTC | Doc Text | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. This issue may have a low impact to confidentiality. | A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. |
| errata-xmlrpc | 2023-04-04 09:47:01 UTC | Link ID | Red Hat Product Errata RHSA-2023:1576 | |
| errata-xmlrpc | 2023-04-11 14:24:21 UTC | Link ID | Red Hat Product Errata RHSA-2023:1693 | |
| Product Security DevOps Team | 2023-04-11 19:36:02 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2023-04-11 19:36:02 UTC | |
| RHEL Program Management Team | 2023-07-24 18:35:50 UTC | Depends On | 2225251 | |
| errata-xmlrpc | 2023-08-08 08:37:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:4535 | |