On Wed, May 12, 2004 at 10:46:00 +0300, Shachar Shemesh <[EMAIL PROTECTED]> wrote: > Industry practices dictate that we do issue SOMETHING now. The bug is > now public, and can be exploited.
The description of the problem indicates that it can only be exploited after you have authenticated to the database. Since people who can connect to a postgres database can already cause denial of service attacks, this problem isn't a huge deal. It makes breaches in other programs (web server process especially) worse and provides another way for authorized users to cause problems. A release should probably be made soon, as a way to advertise the problem so that people are aware of it and can take appropiate steps. I don't think that this problem warrants bypassing normal minor release proceedure. ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])