Re: why was libpq.so's version number bumped?
Neil Conway <neilc@samurai.com>
From: "Neil Conway" <neilc@samurai.com>
To: <chriskl@familyhealth.com.au>
Cc: <girgen@pingpong.net>, <pgsql-hackers@postgresql.org>
Date: 2002-12-30T21:31:45Z
Lists: pgsql-hackers
Christopher Kings-Lynne said: > There have been HEAPS of security fixes between 7.2 and 7.3. That's only the case if your definition of a "security fix" is pretty fast and loose -- as yours seems to be. > Depending > on your definition of security. eg. Going 'select cash_out(2);' on any > 7.2 server and below will crash the backend. If you consider that a security flaw, there are still innumerable problems of a very similar nature in 7.3 or 7.4-devel (*any* situation in which an untrusted client can execute arbitrary SQL will allow for resource exhaustion, at the very least). By a more reasonable definition of "security flaw", I'm not aware of any significant outstanding problems in 7.2.3 -- there are a bunch of buffer handling fixes in 7.3, but they were made for the sake of correctness (a.k.a. paranoia), not necessarily to fix an actual vulnerability. Cheers, Neil