Launchpad.net

CVE 2019-10208

A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.

Related bugs and status

CVE-2019-10208 (Candidate) is related to these bugs:

Bug #1829197: Invalid changelog.gz is supplied with postgresql-9.5 package

Summary				In	Importance	Status
	1829197	Invalid changelog.gz is supplied with postgresql-9.5 package		postgresql-9.5 (Ubuntu)	Undecided	Expired

Bug #1839058: New upstream microreleases 9.5.19 10.10 and 11.5

		In	Importance	Status
1839058	New upstream microreleases 9.5.19 10.10 and 11.5	postgresql-11 (Ubuntu)	Undecided	Fix Released
1839058	New upstream microreleases 9.5.19 10.10 and 11.5	postgresql-11 (Ubuntu Eoan)	Undecided	Fix Released
1839058	New upstream microreleases 9.5.19 10.10 and 11.5	postgresql-11 (Ubuntu Disco)	Undecided	Fix Released
1839058	New upstream microreleases 9.5.19 10.10 and 11.5	postgresql-10 (Ubuntu Bionic)	Undecided	Fix Released
1839058	New upstream microreleases 9.5.19 10.10 and 11.5	postgresql-9.5 (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2019-10208

Related bugs and status

Related bugs

References