Re: [HACKERS] BUG #2052: Federal Agency Tech Hub Refuses to
John R Pierce <pierce@hogranch.com>
From: John R Pierce <pierce@hogranch.com>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org, Simon Riggs <simon@2ndquadrant.com>, Tom Lane <tgl@sss.pgh.pa.us>, Stephen Frost <sfrost@snowman.net>, Ferindo Middleton <fmiddleton@verizon.net>, pgsql-bugs@postgresql.org
Date: 2005-11-25T20:42:56Z
Lists: pgsql-bugs, pgsql-hackers
Bruce Momjian wrote: > If someone wants to create a separate web page to track fixes related to > CVE number, that is fine. My guess is that most people reading the > release notes don't care about the CVE numbers themselves (just that > each release has all known security bugs fixed), and most bugs that are > fixed don't have CVE numbers at commit time. I think its quite reasonable for the one line description of a postgres bug to reference "CVE-2005-0247 multiple buffer overflows..." or whatever, I guess it kind of depends on which came first... if the CVE security item came first, and was entered into the PGSQL bug tracker, then this makes a LOT of sense. if the CVE folks create their entry AFTER the bug has been entered into PGSQL, it makes less sense.