Re: Fwd: Incorrect CVE mappings in http://www.postgresql.org/support/security/ page

Fixed, will be out with the next site update.

//Magnus

On Fri, Mar 28, 2014 at 7:14 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> This was sent to pgsql-security, but there's no security issue as such,
> so reposting to the list where people can fix it.
>
> regards, tom lane
>
> ------- Forwarded Message
>
> Date: Fri, 28 Mar 2014 15:41:48 +0000
> From: "Christey, Steven M." <coley(at)mitre(dot)org>
> To: "security(at)postgresql(dot)org" <security(at)postgresql(dot)org>
> cc: Assign a CVE Identifier <cve-assign(at)mitre(dot)org>
> Subject: [pgsql-security] Incorrect CVE mappings in
> http://www.postgresql.org/support/security/ page
>
> Hello,
>
> On your http://www.postgresql.org/support/security/ page, you have the
> entries for CVE-2014-0063 and CVE-2014-0064 switched. That is,
> CVE-2014-0063 should be for the "Potential buffer overruns in datetime
> input/output," and CVE-2014-0064 should be for "Potential buffer overruns
> due to integer overflow in size calculations."
>
> If you can fix this, it could reduce confusion by some people. This might
> be the only page containing the erroneous mapping. Other PostgreSQL pages,
> including the commits, associate CVE-2014-0063 with datetime and
> CVE-2014-0064 with the integer overflows.
>
> Regards,
> Steve Christey Coley
> CVE assignment team, MITRE CVE Numbering Authority
>
> ------- End of Forwarded Message
>
>
> --
> Sent via pgsql-www mailing list (pgsql-www(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-www
>

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/