Home > mailing lists

Re: [GENERAL] PostgreSQL 7.2.2: Security Release - Mailing list pgsql-hackers

From	Marc G. Fournier
Subject	Re: [GENERAL] PostgreSQL 7.2.2: Security Release
Date	August 24, 2002 03:02:40
Msg-id	20020824010200.Y1769-100000@mail1.hub.org Whole thread Raw
In response to	Re: [GENERAL] PostgreSQL 7.2.2: Security Release (Neil Conway <neilc@samurai.com>)
Responses	Re: [GENERAL] PostgreSQL 7.2.2: Security Release (Neil Conway <neilc@samurai.com>)
List	pgsql-hackers

Tree view

On 23 Aug 2002, Neil Conway wrote:

> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Marc G. Fournier wrote:
> > > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
> > > dump-n-reload of the database, it should be noted that these
> > > vulnerabilities are only critical on "open" or "shared" systems, as they
> > > require the ability to be able to connect to the database before they can
> > > be exploited.
> >
> > Excellent idea you pointed this out.
>
> ... except that it's not correct. The datetime overrun does not
> require the ability to connect to the database.

Ack ... obviously I missed something, but, if you can't get a connection
to the database, how exactly is this one triggered? :(

pgsql-hackers by date:

From: Neil Conway
Date: 24 August 2002, 02:59:05
Subject: Re: [GENERAL] PostgreSQL 7.2.2: Security Release

From: Neil Conway
Date: 24 August 2002, 03:12:06
Subject: Re: [GENERAL] PostgreSQL 7.2.2: Security Release

Re: [GENERAL] PostgreSQL 7.2.2: Security Release - Mailing list pgsql-hackers

Previous

Next