Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)
Christopher Kings-Lynne <chriskl@familyhealth.com.au>
From: "Christopher Kings-Lynne" <chriskl@familyhealth.com.au>
To: "Neil Conway" <neilc@samurai.com>, "Vince Vielhaber" <vev@michvhf.com>
Cc: <pgsql-hackers@postgresql.org>
Date: 2002-08-21T01:49:57Z
Lists: pgsql-hackers
> Should someone from the core team perhaps get in contact with this guy > and ask if he could get in contact with the development team before > publicizing any further security holes? AFAIK that is standard > operating procedure in most cases... > > Second, it might be worth pushing a 7.2.2 release containing the fix > for this bug, as well as the datetime problem. If that sounds > reasonable to the people who have to do the most work on a new release > (e.g. Marc), I can volunteer to backport a fix for the datetime > problem. It'd be better to contact the dude and get all his bugs out of him, fix them all and issue a 7.2.2 with all the fixes. I think this is now essential - people will be using 7.2 series for ages even after the 7.3 release... Chris