Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS

From: Simon Riggs <simon(at)2ndquadrant(dot)com>
To: Magnus Hagander <mha(at)sollentuna(dot)net>, "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>
Cc: pgsql-www(at)postgresql(dot)org
Subject: Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS
Date: 2006-01-09 09:29:12
Message-ID: 1136798952.21025.344.camel@localhost.localdomain
Lists: pgsql-announce pgsql-general pgsql-www

On Mon, 2006-01-09 at 02:33 -0400, Marc G. Fournier wrote:
> PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are available
> today. The fixes in the 8.1 and 8.0 branches are critical, especially for
> Windows users, and users of these branches are urged to update at their
> earliest opportunity.
>
> One critical fix repairs a denial-of-service vulnerability: on Windows
> only, the postmaster will exit if too many connection requests arrive
> simultaneously. This does not affect existing database connections, but
> will prevent new connections from being established until the postmaster
> is manually restarted.

> The Common Vulnerabilities and Exposures (CVE)
> project has assigned the name CVE-2006-0105 to this issue.

No they haven't: there is no such CVE number assigned, nor is there one
pending - I just checked. (The numbers don't go that high yet).

[I was looking to update the Security page, but can't find the
appropriate refs.]

Best Regards, Simon Riggs
