Launchpad.net

CVE 2013-1901

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

Related bugs and status

CVE-2013-1901 (Candidate) is related to these bugs:

Bug #1163184: New upstream microreleases 9.1.9, 8.4.17

		In	Importance	Status
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-9.1 (Ubuntu)	Critical	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-9.1 (Ubuntu Raring)	Critical	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-9.1 (Ubuntu Oneiric)	Undecided	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-9.1 (Ubuntu Quantal)	Undecided	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-9.1 (Ubuntu Precise)	Undecided	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-8.4 (Ubuntu)	Undecided	Invalid
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-8.4 (Ubuntu Lucid)	Medium	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-8.4 (Ubuntu Precise)	Undecided	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-8.3 (Ubuntu)	Medium	Fix Released
1163184	New upstream microreleases 9.1.9, 8.4.17	postgresql-8.3 (Ubuntu Raring)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-1901

Related bugs and status

Related bugs

References