Re: [GENERAL] PostgreSQL 7.2.2: Security Release
Neil Conway <neilc@samurai.com>
From: Neil Conway <neilc@samurai.com>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: "Marc G. Fournier" <scrappy@hub.org>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2002-08-24T03:58:02Z
Lists: pgsql-hackers, pgsql-general
Bruce Momjian <pgman@candle.pha.pa.us> writes: > Marc G. Fournier wrote: > > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no > > dump-n-reload of the database, it should be noted that these > > vulnerabilities are only critical on "open" or "shared" systems, as they > > require the ability to be able to connect to the database before they can > > be exploited. > > Excellent idea you pointed this out. ... except that it's not correct. The datetime overrun does not require the ability to connect to the database. Cheers, Neil -- Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC