From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Greg Sabino Mullane <greg(at)endpoint(dot)com> |
Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Release of CVEs |
Date: | 2015-10-11 13:13:14 |
Message-ID: | CAB7nPqQqqre4G2DxBN14iT9z7OwSToBxkzGDJ277wSeGKkbq0A@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sun, Oct 11, 2015 at 8:54 PM, Greg Sabino Mullane <greg(at)endpoint(dot)com> wrote:
> The release notes for the new version reference some CVEs that
> have not been publically released yet. Are they slow, or is
> this something that needs to be added to the release
> process checklist?
My guess is that they are simply slow to refresh. If you look at
RedHat stuff they mark those CVEs with the same numbers in their bug
tracker (the database is not updated though).
https://access.redhat.com/security/cve/CVE-2015-5288
https://access.redhat.com/security/cve/CVE-2015-5289
> It's also possible the wrong CVE was entered, but I don't see
> one that seems to pertain to the issue described (and
> CVE-2015-5288, -3166, -3167, -0243, -0244 are in the same boat).
As is CVE-2015-0241, which dates of February. This is way more than
slow... Perhaps we should contact cve at mitre dot org regarding that.
Thoughts?
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2015-10-11 14:32:53 | Re: Postgres service stops when I kill client backend on Windows |
Previous Message | Jinyu | 2015-10-11 11:55:28 | Re: Improve the concurency of vacuum full table and select statement on the same relation |