| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-www(at)postgreSQL(dot)org |
| Subject: | Fwd: Incorrect CVE mappings in http://www.postgresql.org/support/security/ page |
| Date: | 2014-03-28 18:14:03 |
| Message-ID: | 25193.1396030443@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
This was sent to pgsql-security, but there's no security issue as such,
so reposting to the list where people can fix it.
regards, tom lane
------- Forwarded Message
Date: Fri, 28 Mar 2014 15:41:48 +0000
From: "Christey, Steven M." <coley(at)mitre(dot)org>
To: "security(at)postgresql(dot)org" <security(at)postgresql(dot)org>
cc: Assign a CVE Identifier <cve-assign(at)mitre(dot)org>
Subject: [pgsql-security] Incorrect CVE mappings in
http://www.postgresql.org/support/security/ page
Hello,
On your http://www.postgresql.org/support/security/ page, you have the entries for CVE-2014-0063 and CVE-2014-0064 switched. That is, CVE-2014-0063 should be for the "Potential buffer overruns in datetime input/output," and CVE-2014-0064 should be for "Potential buffer overruns due to integer overflow in size calculations."
If you can fix this, it could reduce confusion by some people. This might be the only page containing the erroneous mapping. Other PostgreSQL pages, including the commits, associate CVE-2014-0063 with datetime and CVE-2014-0064 with the integer overflows.
Regards,
Steve Christey Coley
CVE assignment team, MITRE CVE Numbering Authority
------- End of Forwarded Message
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2014-03-28 18:22:01 | Re: Fwd: Incorrect CVE mappings in http://www.postgresql.org/support/security/ page |
| Previous Message | David Johnston | 2014-03-28 15:58:50 | Re: Jdbc downloads pages questions/suggestions |