Re: [ANNOUNCE] CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability


From: Magnus Hagander @ 2006-01-09 09:33 UTC
  To: Simon Riggs <[email protected]>; Marc G. Fournier <[email protected]>; +Cc: pgsql-www

> > PostgreSQL patch versions 8.1.2, 8.0.6, 7.4.11 and 7.3.13 are
> > available today.  The fixes in the 8.1 and 8.0 branches are critical,
> > especially for Windows users, and users of these branches are urged to
> > update at their earliest opportunity.
> >
> > One critical fix repairs a denial-of-service vulnerability: on Windows
> > only, the postmaster will exit if too many connection requests arrive
> > simultaneously.  This does not affect existing database connections,
> > but will prevent new connections from being established until the
> > postmaster is manually restarted.
> 
> > The Common Vulnerabilities and Exposures (CVE) project has assigned 
> > the name CVE-2006-0105 to this issue.
> 
> No they haven't: there is no such CVE number assigned, nor is 
> there one pending - I just checked. (The numbers don't go 
> that high yet).

Yes, they have. At least according to their own mail ;-) 
It won't show up until the public post is made to Bugtraq though. (Or
Secunia) And it may be that it hasn't propagated out enough yet, since
it was assigned just this Friday.


> [I was looking to update the Security page, but can't find 
> the appropriate refs.]

Already done. Will be on the next update, until then you can find it on
http://magnus-master.pgadmin.org/

//Magnus




From: Simon Riggs @ 2006-01-09 10:27 UTC
  To: Magnus Hagander <[email protected]>; +Cc: Marc G. Fournier <[email protected]>; pgsql-www

On Mon, 2006-01-09 at 10:33 +0100, Magnus Hagander wrote:
> > > The Common Vulnerabilities and Exposures (CVE) project has assigned 
> > > the name CVE-2006-0105 to this issue.
> > 
> > No they haven't: there is no such CVE number assigned, nor is 
> > there one pending - I just checked. (The numbers don't go 
> > that high yet).
> 
> Yes, they have. At least according to their own mail ;-) 
> It won't show up until the public post is made to Bugtraq though. (Or
> Secunia) And it may be that it hasn't propagated out enough yet, since
> it was assigned just this Friday.

Cool, we fixed before they could release fully! Well done guys.

[I'll leave it to you next time Magnus]

Best Regards, Simon Riggs





From: Tom Lane @ 2006-01-09 16:21 UTC
  To: Simon Riggs <[email protected]>; +Cc: Magnus Hagander <[email protected]>; Marc G. Fournier <[email protected]>; pgsql-www

Simon Riggs <[email protected]> writes:
> Cool, we fixed before they could release fully! Well done guys.

No, you have that backwards: they don't release info until we tell them
they can.

			regards, tom lane



