Re: [GENERAL] PostgreSQL 7.2.2: Security Release

Neil Conway <neilc@samurai.com>

From: Neil Conway <neilc@samurai.com>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: "Marc G. Fournier" <scrappy@hub.org>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2002-08-24T03:58:02Z
Lists: pgsql-hackers, pgsql-general
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Marc G. Fournier wrote:
> > Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
> > dump-n-reload of the database, it should be noted that these
> > vulnerabilities are only critical on "open" or "shared" systems, as they
> > require the ability to be able to connect to the database before they can
> > be exploited.
> 
> Excellent idea you pointed this out.

... except that it's not correct. The datetime overrun does not
require the ability to connect to the database.

Cheers,

Neil

-- 
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC