Thread: Security Release
Hi all,
I have some questions regarding post date on Feb 1, 2005
http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
- What is “LOAD” option it referred?
- Which versions does the security hole affect? (Back from 7.2 till 8.0?)
Link http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php says “Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7”, does that mean this security only occur in those versions? Thanks, On Wed, Mar 30, 2005 at 10:21:00AM -0700, Lee Wu wrote: > I have some questions regarding post date on Feb 1, 2005 > 1. What is "LOAD" option it referred? The SQL command used to load dynamic libraries. > 2. Which versions does the security hole affect? (Back from 7.2 > till 8.0?) > > Link > http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php > <http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php> > says "Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7", > does that mean this security only occur in those versions? Releases previous to 7.2 are not supported, so no patch is produced even if they are affected. -- Alvaro Herrera (<alvherre[@]dcc.uchile.cl>) "Now I have my system running, not a byte was off the shelf; It rarely breaks and when it does I fix the code myself. It's stable, clean and elegant, and lightning fast as well, And it doesn't cost a nickel, so Bill Gates can go to hell."
>> 2. Which versions does the security hole affect? (Back from 7.2 >> till 8.0?) >> >> Link >> http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php >> <http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php> >> says "Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7", >> does that mean this security only occur in those versions? > >Releases previous to 7.2 are not supported, so no patch is >produced even >if they are affected. It does, however, occur in 8.0.0, 7.4.0-6, 7.3.0-8 and 7.2.0-6. Not sure if that's what the original question was about, but in case there is any uncertainty about it... It specifically does *not* occur in the versions listed in that advisory, those are the fixed ones. //Magnus
Thanks, I think I am clear now: 8.0.1, 7.4.7, 7.3.9, 7.2.7 are fixed versions, while 8.0.0, 7.4.0-6, 7.3.0-8 and 7.2.0-6 are affected ones. If, ie, my PG version is 7.4.3, I need to upgrade to 7.4.7. -----Original Message----- From: Magnus Hagander [mailto:mha@sollentuna.net] Sent: Wednesday, March 30, 2005 11:58 AM To: Alvaro Herrera; Lee Wu Cc: pgsql-admin@postgresql.org Subject: SV: [ADMIN] Security Release >> 2. Which versions does the security hole affect? (Back from 7.2 >> till 8.0?) >> >> Link >> http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php >> <http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php> >> says "Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7", >> does that mean this security only occur in those versions? > >Releases previous to 7.2 are not supported, so no patch is >produced even >if they are affected. It does, however, occur in 8.0.0, 7.4.0-6, 7.3.0-8 and 7.2.0-6. Not sure if that's what the original question was about, but in case there is any uncertainty about it... It specifically does *not* occur in the versions listed in that advisory, those are the fixed ones. //Magnus