From: | Neil Conway <neilc(at)samurai(dot)com> |
---|---|
To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
Cc: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org> |
Subject: | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Date: | 2002-08-24 03:58:02 |
Message-ID: | 87adncc3hx.fsf@mailbox.samurai.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-announce pgsql-general pgsql-hackers |
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Marc G. Fournier wrote:
> > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
> > dump-n-reload of the database, it should be noted that these
> > vulnerabilities are only critical on "open" or "shared" systems, as they
> > require the ability to be able to connect to the database before they can
> > be exploited.
>
> Excellent idea you pointed this out.
... except that it's not correct. The datetime overrun does not
require the ability to connect to the database.
Cheers,
Neil
--
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC
From | Date | Subject | |
---|---|---|---|
Next Message | Marc G. Fournier | 2002-08-24 04:02:36 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Previous Message | Bruce Momjian | 2002-08-24 03:36:57 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
From | Date | Subject | |
---|---|---|---|
Next Message | Marc G. Fournier | 2002-08-24 04:02:36 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Previous Message | Bruce Momjian | 2002-08-24 03:36:57 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
From | Date | Subject | |
---|---|---|---|
Next Message | Marc G. Fournier | 2002-08-24 04:02:36 | Re: [GENERAL] PostgreSQL 7.2.2: Security Release |
Previous Message | Bruce Momjian | 2002-08-24 03:44:03 | Re: Large file support available |