Justin Clift <justin@postgresql.org> writes:
> It probably makes sense to wait about a week until releasing 7.2.2, even
> if we get assembled anything else that is needed.
I think we should go ahead and push it out; by the end of next week
we'll be trying to wrap 7.3 beta, and the confusion factor for pushing
out two releases at the same time will be much too high.
I think it is fairly unlikely that we will find anything else in the
next week that is exploitable indirectly through a web-app in the same
way that the date buffer overrun bug could be. Most of the sorts of
bugs that I'm expecting to hear about will require being able to issue
SQL commands --- and if someone can issue arbitrary SQL commands, there
are plenty of ways to create a DOS situation.
regards, tom lane
