CVE-2007-4772

NameCVE-2007-4772
SourceCVE (at NVD; RH)
DescriptionThe regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
ReferencesDSA-1460-1, DSA-1463-1
NVD severitymedium (attack range: remote)
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tcl8.3 (PTS)lenny8.3.5-13fixed
tcl8.4 (PTS)lenny8.4.19-2fixed
squeeze, wheezy, sid8.4.19-4fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresqlsourcesarge(unfixed)medium
postgresql-7.4sourceetch7.4.19-0etch1mediumDSA-1463-1
postgresql-8.1source(unstable)8.1.11-1medium
postgresql-8.1sourceetch8.1.11-0etch1mediumDSA-1460-1
postgresql-8.2source(unstable)8.2.6-1medium
tcl8.3source(unstable)8.3.5-13low
tcl8.4source(unstable)8.4.17-1low

Notes

[etch] - tcl8.3 <no-dsa> (Minor issue)
[etch] - tcl8.4 <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems

Home - Testing Security Team - Debian Security - Imprint