Re: postgres vulnerability - Mailing list pgsql-hackers

From David Garamond
Subject Re: postgres vulnerability
Date
Msg-id 4169180A.6090901@zara.6.isreserved.com
In response to Re: postgres vulnerability  (Gaetano Mendola <mendola@bigfoot.com>)
Responses Re: postgres vulnerability
List pgsql-hackers
Gaetano Mendola wrote:
> Neil Conway wrote:
>  > Gaetano Mendola wrote:
>  >
>  >> Here  http://www.sans.org/top20/#u9
>  >> are listed postgres vulnerabilities; it's sad to see that almost all
>  >> are related to third-party components
>  >
>  >
>  > "Almost all"? By my count, 12 of the 17 vulnerabilities refer to
>  > legitimate problems in PostgreSQL, its RPM distribution, or the ODBC
>  > driver.
> 
> I consider the RPM distribution and ODBC driver as third-party components.

Unless the vulnerability is introduced by a patch in the RPM, RPM is 
just a compiled version of the original. Thus, not third party code.

> However, doing a full scan :-) on all bugs, I withdraw "almost all".

-- 
dave


