From: Gary Jennejohn
To: Alexander Pyhalov
Cc: Freebsd Ports
Date: Thu, 25 Mar 2010 15:44:20 +0100
Subject: Re: postgres and CVE-2010-0442

On Thu, 25 Mar 2010 16:12:21 +0300 Alexander Pyhalov wrote:

> Hello.
> Could someone look at http://www.freebsd.org/cgi/query-pr.cgi?pr=144863 ?
> There is quite a serious security issue in postgres, which allows any
> user to kill others' sessions.
>

It's only been a week since it was assigned to the maintainer (girgen@) to look at.
It's too soon for a maintainer timeout, although I suppose if this is considered to be an enormous security risk it could be committed without waiting. I'd say that's a decision for portmgr@ to make.

--
Gary Jennejohn