Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in

On Tue, 2002-08-20 at 17:15, Tom Lane wrote:
> Yes it has. CVS logs show
>
> 2002-08-04 02:44 thomas
>
> * src/backend/utils/adt/: date.c, datetime.c, format_type.c,
> nabstime.c, timestamp.c, varlena.c: Add guard code to protect from
> buffer overruns on long date/time input strings. [other
> comments pruned, but note this commit did a lot of other stuff too]
>
> The original argument was about whether we should push out a 7.2.2
> release just because of this fix. AFAIK no one has even troubled to
> look at the patch and see whether it applies directly to the 7.2 branch;
> Thomas has revised the date/time code quite a bit since 7.2, so I'd
> expect that it's not going to apply exactly.

It doesn't. I tried, since there's a Debian bug requesting those
patches be applied, but as far as I remember every hunk failed.
I didn't have time to try to make it fit.

--
Oliver Elphick Oliver(dot)Elphick(at)lfix(dot)co(dot)uk
Isle of Wight, UK
http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"But I would not have you to be ignorant, brethren,
concerning them which are asleep, that ye sorrow not,
even as others which have no hope. For if we believe
that Jesus died and rose again, even so them also
which sleep in Jesus will God bring with him."
I Thessalonians 4:13,14