Vulnerability Change Records for CVE-2020-25696

Change History

Reanalysis 12/09/2020 10:0:22 AM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 9.5.0 up to (excluding) 9.5.24
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 9.6.0 up to (excluding) 9.6.20
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 10.0 up to (excluding) 10.15
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 11.0 up to (excluding) 11.10
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 12.0 up to (excluding) 12.5
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions up to (excluding) 13.1
OR
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 9.5.0 up to (excluding) 9.5.24
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 9.6.0 up to (excluding) 9.6.20
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 10.0 up to (excluding) 10.15
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 11.0 up to (excluding) 11.10
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 12.0 up to (excluding) 12.5
     *cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* versions from (including) 13.0 up to (excluding) 13.1
Removed CPE Configuration
OR
     *cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

								
						
Changed Reference Type
https://bugzilla.redhat.com/show_bug.cgi?id=1894430 Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1894430 Issue Tracking, Patch, Third Party Advisory
Changed Reference Type
https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html Mailing List, Mitigation, Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html Mailing List, Third Party Advisory

Reanalysis 12/15/2020 2:37:13 PM

Action Type Old Value New Value
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Removed CVSS V2
NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C)

								
						
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Removed CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

								
						

CVE Modified by Red Hat, Inc. 12/06/2020 9:15:15 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/202012-07 [No Types Assigned]

CVE Modified by Red Hat, Inc. 12/02/2020 8:15:11 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.debian.org/debian-lts-announce/2020/12/msg00005.html [No Types Assigned]