| From: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Daniel Verite <daniel(at)manitou-mail(dot)org>, pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: CVE-2019-9193 about COPY FROM/TO PROGRAM |
| Date: | 2019-04-02 13:55:05 |
| Message-ID: | cf1c698a-3ac5-46f4-cffe-d235acd8f6e0@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 4/2/19 1:05 AM, Michael Paquier wrote:
> On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote:
>> +1, though I’d want to see if people get noisier about it before we rule
>> out an official response.
>>
>> A blog post from a reputable author who can speak to security should
>> be good enough and we can make noise through our various channels.
>
> Need a hand? Not sure if I am reputable enough though :)
I believe you are, and any blog entries helping the matter are welcome :)
> By the way, it could be the occasion to consider an official
> PostgreSQL blog on the main website. News are not really a model
> adapted for problem analysis and for entering into technical details.
I think this is warrants a longer discussion, albeit for a different day.
Jonathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-04-02 13:59:23 | Re: logical replication - negative bitmapset member not allowed |
| Previous Message | Brad Nicholson | 2019-04-02 12:35:02 | Re: CVE-2019-9193 about COPY FROM/TO PROGRAM |