| From: | Justin Clift <justin(at)postgresql(dot)org> |
|---|---|
| To: | Sir Mordred The Traitor <mordred(at)s-mail(dot)com> |
| Cc: | PostgreSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Multiple vulnerabilities in PostgreSQL |
| Date: | 2002-08-20 21:54:17 |
| Message-ID: | 3D62BA89.ED1971F6@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Mordred,
Thanks for doing this testing for vulnerabilities for us.
Some PostgreSQL team members have been looking to organise an "audit"
team to remove vulnerabilities like this, and your posts to BugTraq have
assisted in getting that further mobilised.
Something that is concerning us though, is that whilst one of these bugs
was known and on our "to fix" list, there are some that were not known
and you're not notifying us up front so we can fix them before details
are publicly released.
Would you be able to work in with us from here, notifying us of these
vulnerabilities with some decent amount of time in advance so we can
create the necessary patches/fixes, etc?
:-)
Regards and best wishes,
Justin Clift
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2002-08-20 22:24:35 | backpatch of datetime fixes |
| Previous Message | Bruce Momjian | 2002-08-20 21:34:43 | Re: [PATCHES] Patch for roll forward recovery (PITR) |