CVE-2007-4769

- Name: CVE-2007-4769
- Description: The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
- Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
- References: DSA-1460-1, DSA-1463-1
- NVD severity: medium (attack range: remote)
- Debian/oldstable: not vulnerable.
- Debian/stable: not vulnerable.
- Debian/testing: not known to be vulnerable.
- Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| tcl8.4 (PTS) | squeeze | 8.4.19-4 | fixed |
| tcl8.4 | wheezy | 8.4.19-5 | fixed |
| tcl8.4 | sid | 8.4.20-7 | fixed |

The information below is based on the following data on fixed versions.

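| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| postgresql | source | sarge | (unfixed) | medium | | |
| postgresql-7.4 | source | etch | 7.4.19-0etch1 | medium | DSA-1463-1 | |
| postgresql-8.1 | source | (unstable) | 8.1.11-1 | medium | | |
| postgresql-8.1 | source | etch | 8.1.11-0etch1 | medium | DSA-1460-1 | |
| postgresql-8.2 | source | (unstable) | 8.2.6-1 | medium | | |
| tcl8.3 | source | (unstable) | (not affected) | | | |
| tcl8.4 | source | (unstable) | (not affected) | | | |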

Notes

- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding are affected; Debian builds use UCS-2, according to the maintainer)
- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding are affected; Debian builds use UCS-2, according to the maintainer)
