From: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
---|---|
To: | Neil Conway <neilc(at)samurai(dot)com> |
Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org> |
Subject: | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Date: | 2002-08-24 04:02:36 |
Message-ID: | 20020824010200.Y1769-100000@mail1.hub.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-announce pgsql-general pgsql-hackers |
On 23 Aug 2002, Neil Conway wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Marc G. Fournier wrote:
> > > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
> > > dump-n-reload of the database, it should be noted that these
> > > vulnerabilities are only critical on "open" or "shared" systems, as they
> > > require the ability to be able to connect to the database before they can
> > > be exploited.
> >
> > Excellent idea you pointed this out.
>
> ... except that it's not correct. The datetime overrun does not
> require the ability to connect to the database.
Ack ... obviously I missed something, but, if you can't get a connection
to the database, how exactly is this one triggered? :(
From | Date | Subject | |
---|---|---|---|
Next Message | Neil Conway | 2002-08-24 04:11:03 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Previous Message | Neil Conway | 2002-08-24 03:58:02 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
From | Date | Subject | |
---|---|---|---|
Next Message | Neil Conway | 2002-08-24 04:11:03 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Previous Message | Neil Conway | 2002-08-24 03:58:02 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
From | Date | Subject | |
---|---|---|---|
Next Message | Neil Conway | 2002-08-24 04:11:03 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Previous Message | Neil Conway | 2002-08-24 03:58:02 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |