Date: Mon, 26 Aug 2002 15:29:48 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: Trevor Johnson <trevor@jpj.net> Cc: Tim Robbins <tjr@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/databases/postgresql7 Makefile Message-ID: <20020826132948.GE98501@starjuice.net> In-Reply-To: <20020825213303.K31112-100000@blues.jpj.net> References: <20020825161241.A69260@dilbert.robbins.dropbear.id.au> <20020825213303.K31112-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On (2002/08/25 21:34), Trevor Johnson wrote: > > Wouldn't it be a better idea to update the port to 7.2.2 instead of > > forbidding 7.2.1? > > Of course, but there were extensive changes between 7.2.1 and 7.2.2: > > 895 files changed, 1266 insertions(+), 155653 deletions(-) Not necessarily, according to the PostgreSQL-released advisory. There may have been many changes to the source, but their impact is not believed to be extensive. Anyway, the vulnerabilities are a bit of a joke; they allow folks with authority to talk directly to the database to elevate privelege all the way up to that of the pgsql user. The guy who posted the vulnerabilities quite obviously has ill feelings toward PostgreSQL. I'm not saying you've done anything wrong. Just giving you a bit more background. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020826132948.GE98501>