Re: [COMMITTERS] pgsql: Fix failure due to accessing an

Ok, understood.
--
Tatsuo Ishii
SRA OSS, Inc. Japan

> Tatsuo Ishii <ishii@sraoss.co.jp> writes:
> > One of our engineer claimed that double free bug itself is a
> > vulnerability, thus 8.2.1 release should be called as "security
> > release".
> 
> [ shrug... ]  AFAICS the crashing bugs we fixed in 8.2.1 can't be
> exploited for anything beyond crashing the backend, and only by an
> attacker who can issue arbitrary SQL commands.  There are plenty of
> other ways to cause momentary DOS if you can do that, so it doesn't
> strike me as a big security vulnerability.  But if you want to call
> it one, you can.
> 
>             regards, tom lane
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
>        subscribe-nomail command to majordomo@postgresql.org so that your
>        message can get through to the mailing list cleanly
>