Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 6988

Summary: Bugtraq: [GENERAL] PostgreSQL 7.2.2: Security Release
Product: Gentoo Linux Reporter: Maurizio Disimino <kevin>
Component: Current packagesAssignee: Ryan Phillips (RETIRED) <rphillips>
Status: RESOLVED FIXED    
Severity: critical CC: esigra
Priority: Normal    
Version: 1.0   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Maurizio Disimino 2002-08-24 14:59:04 UTC 
Subject: [GENERAL] PostgreSQL 7.2.2: Security Release
Date: Sat, 24 Aug 2002 00:22:17 -0300 (ADT)
From: "Marc G. Fournier" <scrappy@hub.org>
To: pgsql-announce@postgresql.org
Cc: freebsd-databases@freebsd.org, <pgsql-general@postgresql.org>, Vince 
Vielhaber <vev@michvhf.com>

Due to recent security vulnerabilities reported on BugTraq, concerning
several buffer overruns found in PostgreSQL, the PostgreSQL Global
Development Team today released v7.2.2 of PostgreSQL that fixes these
vulnerabilities.

The following buffer overruns have been identified and addressed:

                ... in handling long datetime input
                ... in repeat()
                ... in lpad() and rpad() with multibyte
                ... in SET TIME ZONE and TZ env var

Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
dump-n-reload of the database, it should be noted that these
vulnerabilities are only critical on "open" or "shared" systems, as they
require the ability to be able to connect to the database before they can
be exploited.

The latest release is available at:

        ftp://ftp.postgresql.org/pub/sources/v7.2.2

As well as at appropriate mirror sites.

Please report any bugs/problems with this release to:

                pgsql-bugs@postgresql.org

Marc G. Fournier
Co-ordinator
PostgreSQL Global Development Group
Comment 1 Maurizio Disimino 2002-08-26 04:06:21 UTC 
(file) postgresql-7.2.2.ebuild   1.1  59 minutes  aliz  Security update
allright :)