Thread: Fwd: Incorrect CVE mappings in http://www.postgresql.org/support/security/ page
This was sent to pgsql-security, but there's no security issue as such, so reposting to the list where people can fix it.
regards, tom lane
------- Forwarded Message
Date: Fri, 28 Mar 2014 15:41:48 +0000
From: "Christey, Steven M." <coley@mitre.org>
To: "security@postgresql.org" <security@postgresql.org>
cc: Assign a CVE Identifier <cve-assign@mitre.org>
Subject: [pgsql-security] Incorrect CVE mappings in http://www.postgresql.org/support/security/ page
Hello,
On your http://www.postgresql.org/support/security/ page, you have the entries for CVE-2014-0063 and CVE-2014-0064 switched. That is, CVE-2014-0063 should be for the "Potential buffer overruns in datetime input/output," and CVE-2014-0064 should be for "Potential buffer overruns due to integer overflow in size calculations."
If you can fix this, it could reduce confusion by some people. This might be the only page containing the erroneous mapping. Other PostgreSQL pages, including the commits, associate CVE-2014-0063 with datetime and CVE-2014-0064 with the integer overflows.
Regards,
Steve Christey Coley
CVE assignment team, MITRE CVE Numbering Authority
------- End of Forwarded Message
Re: Fwd: Incorrect CVE mappings in http://www.postgresql.org/support/security/ page
From: Magnus Hagander
Date:
Fixed, will be out with the next site update.
//Magnus
On Fri, Mar 28, 2014 at 7:14 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
This was sent to pgsql-security, but there's no security issue as such,
so reposting to the list where people can fix it.
regards, tom lane
------- Forwarded Message
Date: Fri, 28 Mar 2014 15:41:48 +0000
From: "Christey, Steven M." <coley@mitre.org>
To: "security@postgresql.org" <security@postgresql.org>
cc: Assign a CVE Identifier <cve-assign@mitre.org>
Subject: [pgsql-security] Incorrect CVE mappings in
http://www.postgresql.org/support/security/ page
Hello,
On your http://www.postgresql.org/support/security/ page, you have the entries for CVE-2014-0063 and CVE-2014-0064 switched. That is, CVE-2014-0063 should be for the "Potential buffer overruns in datetime input/output," and CVE-2014-0064 should be for "Potential buffer overruns due to integer overflow in size calculations."
If you can fix this, it could reduce confusion by some people. This might be the only page containing the erroneous mapping. Other PostgreSQL pages, including the commits, associate CVE-2014-0063 with datetime and CVE-2014-0064 with the integer overflows.
Regards,
Steve Christey Coley
CVE assignment team, MITRE CVE Numbering Authority
------- End of Forwarded Message
--
Sent via pgsql-www mailing list (pgsql-www@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-www
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/