| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: a vulnerability in PostgreSQL |
| Date: | 2002-05-02 14:23:35 |
| Message-ID: | 7311.1020349415@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp> writes:
> Here are the precise conditions to trigger the scenario:
> (1) the backend is PostgreSQL 6.5.x
> (2) multibyte support is enabled (--enable-multibyte)
> (3) the database encoding is SQL_ASCII (other encodings are not
> affected by the bug).
> (4) the client encoding is set to other than SQL_ASCII
> I think I am responsible for this since I originally wrote the
> code. Sorry for this. I'm going to make back port patches to fix the
> problem for pre 7.2 versions.
It doesn't really seem worth the trouble to make patches for 6.5.x.
If someone hasn't upgraded yet, they aren't likely to install patches
either. (ISTR there are other known security risks in 6.5, anyway.)
If the problem is fixed in 7.0 and later, why not just tell people to
upgrade?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oleg Bartunov | 2002-05-02 14:28:36 | Re: Schemas: status report, call for developers |
| Previous Message | Tom Lane | 2002-05-02 14:15:29 | Re: Using views and MS access via odbc |