Thread: Security bugs

I heard that 2 security bugs were fixed in 8.1.4.
Since I like to upgrade from 8.1.3, I like to know the bugs.
Can somebody give the description of those bugs?

Thanks
Dhanaraj

On Jul 26, 2006, at 19:17 , Dhanaraj M wrote:

> I heard that 2 security bugs were fixed in 8.1.4.
> Since I like to upgrade from 8.1.3, I like to know the bugs.
> Can somebody give the description of those bugs?

Following the "Security" link from the Postgres home page:

http://www.postgresql.org/support/security.html

You'll see a list of all security issues. The top two (CVE-2006-2314  
and CVE-2006-2313) are probably the two you heard about.

Hope this helps.

Michael Glaesemann
grzm seespotcode net

Dhanaraj M wrote:
>
> I heard that 2 security bugs were fixed in 8.1.4.
> Since I like to upgrade from 8.1.3, I like to know the bugs.
> Can somebody give the description of those bugs?


There is a list of the changes in each release in the Release Notes. In 
this case, you want: 
http://www.postgresql.org/docs/current/static/release.html#RELEASE-8-1-4

For this particular case there are also other docs: see 
http://www.postgresql.org/docs/techdocs.48

Essentially the security issues are related to uses of multi-byte encodings.

cheers

andrew