Postgres buffer overflow in stable .

To: debian-security@lists.debian.org, Oliver.Elphick@lfix.co.uk, Weimer@CERT.Uni-Stuttgart.DE
Subject: Postgres buffer overflow in stable .
From: Jean-Francois Dive <jef@debian.org>
Date: Wed, 11 Sep 2002 12:39:33 +1000
Message-id: <[🔎] 20020911023933.GD435@gnoll.homeip.net>

Hello all,

The bug 155419 opened 37 days old point to a serious security issue with postgres
as i can lead to DOS from local users or worst, make non-serious SQL  / perl / php
bugs worst (from non exploitable to DOS capable). As far as i can see, Oliver tried
to upload 7.2.2-X in woody and i suppose it have been properly refused by ftpmaster
and even worst was not uploaded as a security update. 

So, What the ? As far as i can see, the port of the fixes to 7.2.1 should not be a major
issue. Could anything beeing done for this ? I can make the packages if needed.

JeF
-- 

-> Jean-Francois Dive
--> jef@linuxbe.org

  There is no such thing as randomness.  Only order of infinite
  complexity.  - _The Holographic Universe_, Michael Talbot

Reply to:

Follow-Ups:
- Re: Postgres buffer overflow in stable .
  - From: Oliver Elphick <olly@lfix.co.uk>
- Re: Postgres buffer overflow in stable .
  - From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>

Prev by Date: Re: [OT] AW: Printing ?
Next by Date: Re: Postgres buffer overflow in stable .
Previous by thread: Re: "suspicious" apache log entries
Next by thread: Re: Postgres buffer overflow in stable .
Index(es):
- Date
- Thread