Re: Zlib vulnerability heads-up.

IIRC, the issue here is that it was a double free and that it was ONLY
of possible concern in the even that a specific sequence of calls were
made AND a very cleaver hack was available to allow for
uncontrolled/unvalidated input.

While it may be worth noting, I seriously doubt this is a security issue
for PostgresSQL.

Greg



On Tue, 2002-03-12 at 10:46, Lamar Owen wrote:
> On Tuesday 12 March 2002 11:24 am, Trond Eivind Glomsrød wrote:
> > Lamar Owen <lamar.owen@wgcr.org> writes:
> > > Updating zlib is strongly recommended by many sources, and a patch is
> > > available.
>
> > FWIW, I really doubt this is much of a problem for postgresql. It's
> > mainly a problem for applications dealing with untrusted, compressed
> > data (webbrowsers, imageviewers, programs with skins downloaded from
> > the Internet) etc.
>
> It's probably NOT a big problem; but it IS a bug in an underlying library.
> --
> Lamar Owen
> WGCR Internet Radio
> 1 Peter 4:11
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html