
[SECURITY] [DLA 2363-1] asyncpg security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2363-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
September 03, 2020                          https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : asyncpg
Version        : 0.8.4-1+deb9u1
CVE ID         : CVE-2020-17446

asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger
a crash or execute arbitrary code (on a database client) via a crafted
server response, because of access to an uninitialized pointer in the
array data decoder.

For Debian 9 stretch, this problem has been fixed in version
0.8.4-1+deb9u1.

We recommend that you upgrade your asyncpg packages.

For the detailed security status of asyncpg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asyncpg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

