Re: postgres vulnerability

Gaetano Mendola wrote:
> Neil Conway wrote:
>  > Gaetano Mendola wrote:
>  >
>  >> Here  http://www.sans.org/top20/#u9
>  >> are listed postgres vulnerability it's sad see that almost all
>  >> are related to third part components
>  >
>  >
>  > "Almost all"? By my count, 12 of the 17 vulnerabilities refer to
>  > legitimate problems in PostgreSQL, its RPM distribution, or the ODBC
>  > driver.
> 
> I consider RPM distribution and ODBC driver as third part component.

Unless the vulnerability is introduced by a patch in the RPM, RPM is 
just a compiled version of the original. Thus, not third party code.

> However doing a full scan :-)  on all bugs I widthraw "almost all".

-- 
dave