| Summary: | dev-db/postgresql ODBC Driver Remote Buffer Overflow | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Lance Albertson (RETIRED) <ramereth> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | esigra, nakano, pgsql-bugs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | B3 [ebuild+] | | |
| Package list: | | Runtime testing required: | --- |
Description
Lance Albertson (RETIRED)
This is not very clear. It seems the problem is in the current versions too. From:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=247306
http://archives.postgresql.org/pgsql-odbc/2004-06/msg00022.php
http://archives.postgresql.org/pgsql-bugs/2004-05/msg00092.php

it appears that Debian patched a few buffer overflows but there are several more in the PostgreSQL ODBC driver. There is no upstream fix for the moment... so we can apply the Debian patch and bump, or wait for upstream to fix things correctly. But they don't appear to be in a hurry to do so...

If someone has the email for the postgresql herd (maintainer of this package according to metadata.xml), postgresql@gentoo.org doesn't work...

No fix upstream, no maintainer here AFAICT... What should we do?

Patch from upstream, not committed yet: http://archives.postgresql.org/pgsql-odbc/2004-07/msg00049.php

Cc: nakano for the postgresql herd (postgresql@gentoo.org doesn't seem to work).

Adding pgsql-bugs@gentoo.org

Sent email to pgsql-bugs directly asking for some help.

We don't have postgresql 7.2* in portage tree. The odbc driver has been removed in postgresql-7.3* or later. (The driver became another package called psqlodbc, but we don't have it as well.) So, we don't need to do anything about this security problem.

Nice. Closing as INVALID.