Thread: Security Release

Security Release

From
"Lee Wu"
Date:

Hi all,

I have some questions regarding the post dated Feb 1, 2005:

http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php

  1. What is the “LOAD” option it referred to?
  2. Which versions does the security hole affect? (Back from 7.2 till 8.0?)
      Link http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php says “Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7”,
      does that mean this security hole only occurs in those versions?

Thanks,

Re: Security Release

From
Alvaro Herrera
Date:
On Wed, Mar 30, 2005 at 10:21:00AM -0700, Lee Wu wrote:

> I have some questions regarding post date on Feb 1, 2005

> 1.    What is "LOAD" option it referred?

The SQL command used to load dynamic libraries.

> 2.    Which versions does the security hole affect? (Back from 7.2
> till 8.0?)
>
>       Link
> http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php
> <http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php>
> says "Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7",
>       does that mean this security only occur in those versions?

Releases previous to 7.2 are not supported, so no patch is produced even
if they are affected.

--
Alvaro Herrera (<alvherre[@]dcc.uchile.cl>)
"Now I have my system running, not a byte was off the shelf;
It rarely breaks and when it does I fix the code myself.
It's stable, clean and elegant, and lightning fast as well,
And it doesn't cost a nickel, so Bill Gates can go to hell."

Re: Security Release

From
"Magnus Hagander"
Date:
>> 2.    Which versions does the security hole affect? (Back from 7.2
>> till 8.0?)
>>
>>       Link
>> http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php
>> <http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php>
>> says "Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7",
>>       does that mean this security only occur in those versions?
>
>Releases previous to 7.2 are not supported, so no patch is
>produced even
>if they are affected.

It does, however, occur in 8.0.0, 7.4.0-6, 7.3.0-8 and 7.2.0-6. Not sure
if that's what the original question was about, but in case there is any
uncertainty about it...

It specifically does *not* occur in the versions listed in that
advisory, those are the fixed ones.

//Magnus

Re: Security Release

From
"Lee Wu"
Date:
Thanks,

I think I am clear now:
8.0.1, 7.4.7, 7.3.9, 7.2.7 are fixed versions,
while 8.0.0, 7.4.0-6, 7.3.0-8 and 7.2.0-6 are affected ones.
If, e.g., my PG version is 7.4.3, I need to upgrade to 7.4.7.

-----Original Message-----
From: Magnus Hagander [mailto:mha@sollentuna.net]
Sent: Wednesday, March 30, 2005 11:58 AM
To: Alvaro Herrera; Lee Wu
Cc: pgsql-admin@postgresql.org
Subject: SV: [ADMIN] Security Release

>> 2.    Which versions does the security hole affect? (Back from 7.2
>> till 8.0?)
>>
>>       Link
>> http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php
>> <http://archives.postgresql.org/pgsql-general/2005-02/msg00384.php>
>> says "Version(s): 8.0.1, 7.4.7, 7.3.9, 7.2.7",
>>       does that mean this security only occur in those versions?
>
>Releases previous to 7.2 are not supported, so no patch is
>produced even
>if they are affected.

It does, however, occur in 8.0.0, 7.4.0-6, 7.3.0-8 and 7.2.0-6. Not sure
if that's what the original question was about, but in case there is any
uncertainty about it...

It specifically does *not* occur in the versions listed in that
advisory, those are the fixed ones.

//Magnus
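
Added example, not part of the original thread or written by any of its participants: a small triage script that applies the fixed/affected split settled above to a list of server version strings. The inventory, host names, status labels and function names are constructed for illustration; it assumes that minor releases later than a fixed one on the same branch also carry the fix.

```python
import re

# Fixed releases named in the thread, keyed by (major, minor) branch.
# Value is the first patch level that contains the fix.
FIXED = {(8, 0): 1, (7, 4): 7, (7, 3): 9, (7, 2): 7}
OLDEST_SUPPORTED = (7, 2)  # per the thread, older releases get no patch

VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?(?![\d.])")

def classify(version_string):
    """Return (status, detail) for a bare version ("7.4.3") or for
    SELECT version() output ("PostgreSQL 7.4.3 on i686-pc-linux-gnu, ...")."""
    m = VERSION_RE.search(version_string)
    if not m:
        return ("unparsed", "no x.y[.z] version found")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if branch < OLDEST_SUPPORTED:
        # Not the same as "safe": the thread says these may be affected.
        return ("unsupported", "older than 7.2: no patched release is produced")
    if branch not in FIXED:
        return ("not-covered", "branch is not discussed in the thread")
    target = "%d.%d.%d" % (branch[0], branch[1], FIXED[branch])
    if patch < FIXED[branch]:
        return ("affected", "upgrade to " + target)
    # Assumption: later minor releases on a branch keep the fix.
    return ("fixed", "at or above " + target)

# Constructed sample inventory (host names and strings are made up).
INVENTORY = {
    "db-a": "PostgreSQL 7.4.3 on i686-pc-linux-gnu, compiled by GCC 3.3.3",
    "db-b": "8.0.1",
    "db-c": "7.1.3",
    "db-d": "PostgreSQL 8.0.0 on i686-pc-mingw32",
}

def triage(inventory):
    """Classify every host in a {host: version_string} mapping."""
    return {host: classify(v) for host, v in inventory.items()}

if __name__ == "__main__":
    for host, (status, detail) in sorted(triage(INVENTORY).items()):
        print("%-5s %-12s %s" % (host, status, detail))
```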