Home > mailing lists

Release of CVEs - Mailing list pgsql-hackers

From	Greg Sabino Mullane
Subject	Release of CVEs
Date	October 11, 2015 14:55:02
Msg-id	20151011115453.GB11699@broken.home Whole thread Raw
Responses	Re: Release of CVEs (Michael Paquier <michael.paquier@gmail.com>)
List	pgsql-hackers

Tree view

The release notes for the new version reference some CVEs that
have not been publically released yet. Are they slow, or is
this something that needs to be added to the release
process checklist?

For example, see the CVE hyperlink for json parsing at:

https://bucardo.org/postgres_all_versions.html#version_9.4.5

which leads to:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289

It's also possible the wrong CVE was entered, but I don't see
one that seems to pertain to the issue described (and
CVE-2015-5288, -3166, -3167, -0243, -0244 are in the same boat).

--
Greg Sabino Mullane greg@endpoint.com
End Point Corporation
PGP Key: 0x14964AC8

pgsql-hackers by date:

From: Amir Rohan
Date: 11 October 2015, 13:32:08
Subject: Re: Re: In-core regression tests for replication, cascading, archiving, PITR, etc.

From: Jinyu
Date: 11 October 2015, 14:55:51
Subject: Re: Improve the concurency of vacuum full table and select statement on the same relation

Release of CVEs - Mailing list pgsql-hackers

Previous

Next