| From: | Neil Conway <neilc(at)samurai(dot)com> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org> |
| Subject: | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
| Date: | 2002-08-24 03:58:02 |
| Message-ID: | 87adncc3hx.fsf@mailbox.samurai.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-announce pgsql-general pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Marc G. Fournier wrote:
> > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
> > dump-n-reload of the database, it should be noted that these
> > vulnerabilities are only critical on "open" or "shared" systems, as they
> > require the ability to be able to connect to the database before they can
> > be exploited.
>
> Excellent idea you pointed this out.
... except that it's not correct. The datetime overrun does not
require the ability to connect to the database.
Cheers,
Neil
--
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-08-24 04:02:36 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
| Previous Message | Bruce Momjian | 2002-08-24 03:36:57 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-08-24 04:02:36 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
| Previous Message | Bruce Momjian | 2002-08-24 03:36:57 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-08-24 04:02:36 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
| Previous Message | Bruce Momjian | 2002-08-24 03:44:03 | Re: Large file support available |