File _patchinfo of Package patchinfo.16330

<patchinfo incident="16330">
  <issue tracker="bnc" id="1173969">PgAdmin4 cannot connect to server</issue>
  <issue tracker="bnc" id="1197143">VUL-0: CVE-2022-0959: pgadmin4: Unrestricted file upload in pgAdmin</issue>
  <issue tracker="bnc" id="1176840">pgadmin4 does not seem to work on SLE</issue>  
  <issue tracker="bnc" id="1221172">VUL-0: CVE-2024-2044: pgadmin4: Unsafe Deserialization and Remote Code Execution by an Authenticated user</issue>
  <issue tracker="cve" id="2022-0959"/>
  <issue tracker="cve" id="2024-2044"/>
  <packager>alarrosa</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for pgadmin4</summary>
  <description>This update for pgadmin4 fixes the following issues:

- CVE-2022-0959: Fixed unrestricted file upload (bsc#1197143)
- CVE-2024-2044: Fixed unsafe deserialization and remote code execution by an authenticated user (bsc#1221172)

The following non-security bugs were fixed:

- Avoid raising an AttributeError with psycopg2 2.8 (bsc#1173969)
- Add patch from upstream to fix an error thrown when uploading a CSV in Desktop mode
- Add patch from upstream (actually, part of an upstream patch) that adds a check and allows the following patches to be applied
</description>
</patchinfo>