Re: postgres vulnerability
| От | Gaetano Mendola |
|---|---|
| Тема | Re: postgres vulnerability |
| Дата | |
| Msg-id | ckbagg$9g3$1@floppy.pyrenet.fr обсуждение исходный текст |
| Ответ на | Re: postgres vulnerability (David Garamond <lists@zara.6.isreserved.com>) |
| Список | pgsql-hackers |
David Garamond wrote: > Gaetano Mendola wrote: > >> Neil Conway wrote: >> > Gaetano Mendola wrote: >> > >> >> Here http://www.sans.org/top20/#u9 >> >> are listed postgres vulnerability it's sad see that almost all >> >> are related to third part components >> > >> > >> > "Almost all"? By my count, 12 of the 17 vulnerabilities refer to >> > legitimate problems in PostgreSQL, its RPM distribution, or the ODBC >> > driver. >> >> I consider RPM distribution and ODBC driver as third part component. > > > Unless the vulnerability is introduced by a patch in the RPM, RPM is > just a compiled version of the original. Thus, not third party code. Well the RPM issue was about wrong file permission, do you think this is a postgres vulnerability ? Regards Gaeatano Mendola
В списке pgsql-hackers по дате отправления: