Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 6988 - Bugtraq: [GENERAL] PostgreSQL 7.2.2: Security Release
Summary: Bugtraq: [GENERAL] PostgreSQL 7.2.2: Security Release
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal critical (vote)
Assignee: Ryan Phillips (RETIRED)
Depends on:
Reported: 2002-08-24 14:59 UTC by Maurizio Disimino
Modified: 2007-09-22 22:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Maurizio Disimino 2002-08-24 14:59:04 UTC
Subject: [GENERAL] PostgreSQL 7.2.2: Security Release
Date: Sat, 24 Aug 2002 00:22:17 -0300 (ADT)
From: "Marc G. Fournier" <>
Cc:, <>, Vince 
Vielhaber <>

Due to recent security vulnerabilities reported on BugTraq, concerning
several buffer overruns found in PostgreSQL, the PostgreSQL Global
Development Team today released v7.2.2 of PostgreSQL that fixes these

The following buffer overruns have been identified and addressed:

                ... in handling long datetime input
                ... in repeat()
                ... in lpad() and rpad() with multibyte
                ... in SET TIME ZONE and TZ env var

Although v7.2.2 is a purely plug-n-play upgrade from v7.2.1, requiring no
dump-n-reload of the database, it should be noted that these
vulnerabilities are only critical on "open" or "shared" systems, as they
require the ability to be able to connect to the database before they can
be exploited.

The latest release is available at:

As well as at appropriate mirror sites.

Please report any bugs/problems with this release to:


Marc G. Fournier
PostgreSQL Global Development Group
Comment 1 Maurizio Disimino 2002-08-26 04:06:21 UTC
(file) postgresql-7.2.2.ebuild   1.1  59 minutes  aliz  Security update
allright :)