| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | ken(at)coverity(dot)com |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Reporting a security hole |
| Date: | 2004-04-27 03:34:17 |
| Message-ID: | 200404270334.i3R3YHs26424@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
ken(at)coverity(dot)com wrote:
> I work at Coverity where we make a static analysis tool to find bugs in
> software at compile time. I think I found a security hole in
> postgresql-7.4.1, but I don't want to just report it to a public list. I
> sent email to security(at)postgresql(dot)org, hoping that the address existed,
> but I got no response.
>
> So where can I report a potential security hole?
I have replied to the detailed message on the core list and the security
list (not sure who that is). We are researching it.
From my initial review, it is something that needs cleaning up, but is
not a major security issue, I think.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-04-27 03:38:32 | Re: Pl/Java and GCJ |
| Previous Message | Bruce Momjian | 2004-04-27 03:06:21 | Re: FW: Timezone library |