| From: | Greg Sabino Mullane <greg(at)endpoint(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Release of CVEs |
| Date: | 2015-10-11 11:54:53 |
| Message-ID: | 20151011115453.GB11699@broken.home |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
The release notes for the new version reference some CVEs that
have not been publically released yet. Are they slow, or is
this something that needs to be added to the release
process checklist?
For example, see the CVE hyperlink for json parsing at:
https://bucardo.org/postgres_all_versions.html#version_9.4.5
which leads to:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289
It's also possible the wrong CVE was entered, but I don't see
one that seems to pertain to the issue described (and
CVE-2015-5288, -3166, -3167, -0243, -0244 are in the same boat).
--
Greg Sabino Mullane greg(at)endpoint(dot)com
End Point Corporation
PGP Key: 0x14964AC8
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jinyu | 2015-10-11 11:55:28 | Re: Improve the concurency of vacuum full table and select statement on the same relation |
| Previous Message | Amir Rohan | 2015-10-11 10:31:44 | Re: Re: In-core regression tests for replication, cascading, archiving, PITR, etc. |