Subject: Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS
From: Simon Riggs
To: Magnus Hagander, "Marc G. Fournier"
Cc: pgsql-www@postgresql.org
Date: Mon, 09 Jan 2006 09:29:12 +0000
Message-Id: <1136798952.21025.344.camel@localhost.localdomain>
In-Reply-To: <20060109022952.F1088@ganymede.hub.org>

On Mon, 2006-01-09 at 02:33 -0400, Marc G. Fournier wrote:
> PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are available
> today. The fixes in the 8.1 and 8.0 branches are critical, especially for
> Windows users, and users of these branches are urged to update at their
> earliest opportunity.
>
> One critical fix repairs a denial-of-service vulnerability: on Windows
> only, the postmaster will exit if too many connection requests arrive
> simultaneously. This does not affect existing database connections, but
> will prevent new connections from being established until the postmaster
> is manually restarted.

> The Common Vulnerabilities and Exposures (CVE)
> project has assigned the name CVE-2006-0105 to this issue.

No they haven't: there is no such CVE number assigned, nor is there one
pending - I just checked. (The numbers don't go that high yet).

[I was looking to update the Security page, but can't find the
appropriate refs.]

Best Regards, Simon Riggs