[Pkg-postgresql-private] Infos and handling #218446
Martin Pitt
martin@piware.de
Sat, 1 Nov 2003 11:21:26 +0100
Hi Security Team!
postgresql received a security bug #218446 yesterday. Unfortunately
(for testing the fix) there does not seem to be a public exploit
around [1], so I can only eyeball.
Patches [2] and/or [3] seem to be the interesting ones for our stable
version 7.2. Since [3] only changes a pointer type, it looks a bit
odd. I have to evaluate this in more detail.
The unstable version does not have this bug. Am I right that we don't
bother to fix that bug in testing? Or should I prepare an additional
fix?
I will examine those patches and prepare an updated package. I hope
Oliver (the primary maintainer) is around to sign it (I'm just
comaintainer).
This is the first security bug I'm dealing with. I would appreciate
any hints from you how to proceed. TIA!
Have a nice day,
Martin
[1] http://www.securityfocus.com/bid/8741/exploit/
[2] http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c.diff?r1=1.12&r2=1.12.2.1
[3] http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c.diff?r1=1.12.2.1&r2=1.12.2.2
--
Martin Pitt
home: www.piware.de
eMail: martin@piware.de