Re: PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4

From: Neil Conway <neilc(at)samurai(dot)com>
To: "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4
Date: 2004-10-24 07:19:42
Message-ID: 417B578E.2000308@samurai.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-announce pgsql-general

Marc G. Fournier wrote:
> In order to address a recent security report from iDefence, we have
> released 3 new "point" releases: 7.2.6, 7.3.8 and 7.4.6

Assuming you're referring to the make_oidjoins_check bug, I don't think
it is accurate to bill these as "security releases". As the 7.4.6
release notes plainly state:

---
# Avoid using temp files in /tmp in make_oidjoins_check

This has been reported as a security issue, though it's hardly worthy of
concern since there is no reason for non-developers to use this script
anyway.
---

That said, the fix for the clog bug is reason enough to make the point
releases, and reason enough for users to upgrade.

-Neil

In response to

Responses

Browse pgsql-announce by date

  From Date Subject
Next Message Tom Lane 2004-10-24 14:43:14 Re: PostgreSQL Security Release(s) for 7.2, 7.3 and 7.4
Previous Message Oliver Elphick 2004-10-23 15:59:26 Re: Slony-I 1.0.4 Released

Browse pgsql-general by date

  From Date Subject
Next Message Michael Glaesemann 2004-10-24 07:25:28 Re: '1 year' = '360 days' ????
Previous Message Pierre-Frédéric Caillaud 2004-10-24 07:13:14 Re: '1 year' = '360 days' ????