From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
---|---|
To: | "Neil Conway" <neilc(at)samurai(dot)com>, "Vince Vielhaber" <vev(at)michvhf(dot)com> |
Cc: | <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd) |
Date: | 2002-08-21 01:49:57 |
Message-ID: | GNELIHDDFBOCMGBFGEFOOEMMCDAA.chriskl@familyhealth.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> Should someone from the core team perhaps get in contact with this guy
> and ask if he could get in contact with the development team before
> publicizing any further security holes? AFAIK that is standard
> operating procedure in most cases...
>
> Second, it might be worth pushing a 7.2.2 release containing the fix
> for this bug, as well as the datetime problem. If that sounds
> reasonable to the people who have to do the most work on a new release
> (e.g. Marc), I can volunteer to backport a fix for the datetime
> problem.
It'd be better to contact the dude and get all his bugs out of him, fix them
all and issue a 7.2.2 with all the fixes.
I think this is now essential - people will be using 7.2 series for ages
even after the 7.3 release...
Chris
From | Date | Subject | |
---|---|---|---|
Next Message | Gavin Sherry | 2002-08-21 02:15:51 | Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in |
Previous Message | Christopher Kings-Lynne | 2002-08-21 01:43:48 | Re: Proposal: make "opaque" obsolete |