Re: Zlib vulnerability heads-up.

Greg Copeland <greg@copelandconsulting.net>

From: Greg Copeland <greg@CopelandConsulting.Net>
To: Lamar Owen <lamar.owen@wgcr.org>
Cc: Trond Eivind Glomsrød <teg@redhat.com>, PostgresSQL Hackers Mailing List <pgsql-hackers@postgresql.org>
Date: 2002-03-12T20:18:02Z
Lists: pgsql-hackers, pgsql-general
IIRC, the issue here is that it was a double free and that it was ONLY
of possible concern in the even that a specific sequence of calls were
made AND a very cleaver hack was available to allow for
uncontrolled/unvalidated input.

While it may be worth noting, I seriously doubt this is a security issue
for PostgresSQL.

Greg



On Tue, 2002-03-12 at 10:46, Lamar Owen wrote:
> On Tuesday 12 March 2002 11:24 am, Trond Eivind Glomsrød wrote:
> > Lamar Owen <lamar.owen@wgcr.org> writes:
> > > Updating zlib is strongly recommended by many sources, and a patch is
> > > available.
> 
> > FWIW, I really doubt this is much of a problem for postgresql. It's
> > mainly a problem for applications dealing with untrusted, compressed
> > data (webbrowsers, imageviewers, programs with skins downloaded from
> > the Internet) etc.
> 
> It's probably NOT a big problem; but it IS a bug in an underlying library.
> -- 
> Lamar Owen
> WGCR Internet Radio
> 1 Peter 4:11
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
> 
> http://www.postgresql.org/users-lounge/docs/faq.html