CVE-2007-4772

NameCVE-2007-4772
DescriptionThe regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1460-1, DSA-1463-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresqlsourcesarge(unfixed)
postgresql-7.4sourceetch7.4.19-0etch1DSA-1463-1
postgresql-8.1sourceetch8.1.11-0etch1DSA-1460-1
postgresql-8.1source(unstable)8.1.11-1
postgresql-8.2source(unstable)8.2.6-1
tcl8.3source(unstable)8.3.5-13low
tcl8.4source(unstable)8.4.17-1low

Notes

[etch] - tcl8.3 <no-dsa> (Minor issue)
[etch] - tcl8.4 <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems