Re: [GENERAL] PostgreSQL 7.2.2: Security Release
Marc Fournier <scrappy@hub.org>
From: "Marc G. Fournier" <scrappy@hub.org>
To: Neil Conway <neilc@samurai.com>
Cc: Bruce Momjian <pgman@candle.pha.pa.us>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2002-08-24T04:02:36Z
Lists: pgsql-hackers, pgsql-general
On 23 Aug 2002, Neil Conway wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > Marc G. Fournier wrote: > > > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no > > > dump-n-reload of the database, it should be noted that these > > > vulnerabilities are only critical on "open" or "shared" systems, as they > > > require the ability to be able to connect to the database before they can > > > be exploited. > > > > Excellent idea you pointed this out. > > ... except that it's not correct. The datetime overrun does not > require the ability to connect to the database. Ack ... obviously I missed something, but, if you can't get a connection to the database, how exactly is this one triggered? :(