
Re: Postgres buffer overflow in stable.



On Wed, 2002-09-11 at 03:39, Jean-Francois Dive wrote:
> Hello all,
> 
> Bug 155419, opened 37 days ago, points to a serious security issue with postgres,
> as it can lead to DoS from local users or, worse, make non-serious SQL / perl / php
> bugs worse (from non-exploitable to DoS capable). As far as I can see, Oliver tried
> to upload 7.2.2-X in woody and I suppose it has been properly refused by ftpmaster
> and, even worse, was not uploaded as a security update.
> 
> So, What the ? As far as I can see, the port of the fixes to 7.2.1 should not be a major
> issue. Could anything be done for this? I can make the packages if needed.

The proposed upgrade is being negotiated with the security team.

-- 
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight, UK                            
http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
                 ========================================
     "I am crucified with Christ; nevertheless I live; yet 
      not I, but Christ liveth in me; and the life which I 
      now live in the flesh I live by the faith of the Son 
      of God, who loved me, and gave himself for me."       
                                         Galatians 2:20 