| Name | CVE-2007-4769 |
| Description | The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1460-1, DSA-1463-1 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| postgresql | source | sarge | (unfixed) | |||
| postgresql-7.4 | source | etch | 7.4.19-0etch1 | DSA-1463-1 | ||
| postgresql-8.1 | source | etch | 8.1.11-0etch1 | DSA-1460-1 | ||
| postgresql-8.1 | source | (unstable) | 8.1.11-1 | |||
| postgresql-8.2 | source | (unstable) | 8.2.6-1 | |||
| tcl8.3 | source | (unstable) | (not affected) | |||
| tcl8.4 | source | (unstable) | (not affected) |
- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)