Forum OpenACS Q&A: Response to Bugtraq: Buffer overflow in PostgreSQL

Posted by Lamar Owen on
As a PG developer, let me answer these issues briefly.

1.) A 7.2.2 is being prepared as I write this. 7.2.2 has the
majority of these issues addressed.

2.) Sir Mordred did not notify the PG community prior to posting
to bugtraq.

3.) Jon, Larry Wall created patch, rms didn't. 😊

4.) Exploiting the datetime parser overrun will be exceedingly
difficult. It IS being fixed, however.

5.) The DoS attacks against cash_words and cash_out require SQL
command line access, as does the attack against repeat.

6.) Don't overblow the issue. It is being addressed and will be
addressed in an expeditious manner.

7.3 will be in beta on schedule. 7.2.2 won't have any changes that
require initdb, though. 7.3 beta is slated for Sep 1. 7.2.2 will
probably be released either over the weekend or early next week.

So much for the arrogant PG developers... 😊