| Name | CVE-2007-4772 |
| Description | The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1460-1, DSA-1463-1 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| postgresql | source | sarge | (unfixed) | |||
| postgresql-7.4 | source | etch | 7.4.19-0etch1 | DSA-1463-1 | ||
| postgresql-8.1 | source | etch | 8.1.11-0etch1 | DSA-1460-1 | ||
| postgresql-8.1 | source | (unstable) | 8.1.11-1 | |||
| postgresql-8.2 | source | (unstable) | 8.2.6-1 | |||
| tcl8.3 | source | (unstable) | 8.3.5-13 | low | ||
| tcl8.4 | source | (unstable) | 8.4.17-1 | low |
[etch] - tcl8.3 <no-dsa> (Minor issue)
[etch] - tcl8.4 <no-dsa> (Minor issue)