Launchpad.net

CVE 2012-0867

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Related bugs and status

CVE-2012-0867 (Candidate) is related to these bugs:

Bug #941912: New bug fix releases: 9.1.3, 8.4.11, 8.3.18

		In	Importance	Status
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-9.1 (Ubuntu)	High	Fix Released
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-8.4 (Ubuntu)	Undecided	Invalid
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-8.3 (Ubuntu)	Undecided	Invalid
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-9.1 (Ubuntu Oneiric)	Undecided	Fix Released
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-9.1 (Ubuntu Precise)	High	Fix Released
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-8.3 (Ubuntu Hardy)	Undecided	Fix Released
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-8.4 (Ubuntu Lucid)	Undecided	Fix Released
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-8.4 (Ubuntu Natty)	Undecided	Fix Released
941912	New bug fix releases: 9.1.3, 8.4.11, 8.3.18	postgresql-8.4 (Ubuntu Maverick)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0867

Related bugs and status

Related bugs

References