Vincent Danen wrote: A stack overflow was found in how PostgreSQL handles conversion encoding. This could allow an authenticated user to kill connections to the PostgreSQL server for a small amount of time, which could interrupt transactions by other users/clients. The original report is here: http://archives.postgresql.org/pgsql-bugs/2009-02/msg00172.php Upstream has a patch for this issue that causes the server to crash in a different way (core dump due to abort() rather than core dump due to stack overflow), but it sounds like they are still looking for a better fix.
According to upstream [1], this issue is fixed in the following releases: 8.3.7, 8.2.13, 8.1.17, 8.0.21, 7.4.25

[1] http://www.postgresql.org/support/security.html
This should be resolved along with bug 320967.
This issue was resolved and addressed in GLSA 201110-22 at http://security.gentoo.org/glsa/glsa-201110-22.xml by GLSA coordinator Alex Legler (a3li).