Home > mailing lists

Re: [GENERAL] PostgreSQL 7.2.2: Security Release - Mailing list pgsql-hackers

From	Neil Conway
Subject	Re: [GENERAL] PostgreSQL 7.2.2: Security Release
Date	August 24, 2002 02:59:05
Msg-id	87adncc3hx.fsf@mailbox.samurai.com Whole thread Raw
In response to	Re: [GENERAL] PostgreSQL 7.2.2: Security Release (Bruce Momjian <pgman@candle.pha.pa.us>)
Responses	Re: [GENERAL] PostgreSQL 7.2.2: Security Release ("Marc G. Fournier" <scrappy@hub.org>)
List	pgsql-hackers

Tree view

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Marc G. Fournier wrote:
> > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
> > dump-n-reload of the database, it should be noted that these
> > vulnerabilities are only critical on "open" or "shared" systems, as they
> > require the ability to be able to connect to the database before they can
> > be exploited.
> 
> Excellent idea you pointed this out.

... except that it's not correct. The datetime overrun does not
require the ability to connect to the database.

Cheers,

Neil

-- 
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC

pgsql-hackers by date:

From: Bruce Momjian
Date: 24 August 2002, 02:44:16
Subject: Re: Large file support available

From: "Marc G. Fournier"
Date: 24 August 2002, 03:02:40
Subject: Re: [GENERAL] PostgreSQL 7.2.2: Security Release

Re: [GENERAL] PostgreSQL 7.2.2: Security Release - Mailing list pgsql-hackers

Previous

Next