Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in
Marc Fournier <scrappy@hub.org>
From: "Marc G. Fournier" <scrappy@hub.org>
To: Justin Clift <justin@postgresql.org>
Cc: Bruce Momjian <pgman@candle.pha.pa.us>, Robert Treat <xzilla@users.sourceforge.net>, Neil Conway <neilc@samurai.com>, Gavin Sherry <swm@linuxworld.com.au>, Christopher Kings-Lynne <chriskl@familyhealth.com.au>, <pgsql-hackers@postgresql.org>
Date: 2002-08-21T17:52:27Z
Lists: pgsql-hackers
On Thu, 22 Aug 2002, Justin Clift wrote: > - Find out from Sir Mordred if he wants to take a look at the CVS > version of code and audit in that for a bit, Just In Case he turns > up something that's serious and requires substantial re-work. > Although it means he wouldn't have a bunch of "I found this existing > exploit" type releases, we could instead offer him credit on the > press release along the lines of "This released has been audited for > security flaws in its code by Sir Mordred". Am pretty sure he'd > do a very thorough job for that, as it means he'd have an official > "product reputation" he'd need to stand by for it. "Security Relatd Fixed" are applicable for adoption during the beta period, leading up to release ... > - Patches to the CVS tree which let us have a truly native windows > version. This is of huge significance and would *very* much improve > our growth and adoption by being in this release in comparison to > being in the release afterwards. Not in an airy fairy way, but > quite definitely and solidly. If they aren't in by now, they should wait until the next dev cycle ... unless they are *small* changes ...