Ok, understood.
Tatsuo Ishii
SRA OSS, Inc. Japan

> Tatsuo Ishii <[EMAIL PROTECTED]> writes:
> > One of our engineer claimed that double free bug itself is a
> > vulnerability, thus 8.2.1 release should be called as "security
> > release".
> [ shrug... ]  AFAICS the crashing bugs we fixed in 8.2.1 can't be
> exploited for anything beyond crashing the backend, and only by an
> attacker who can issue arbitrary SQL commands.  There are plenty of
> other ways to cause momentary DOS if you can do that, so it doesn't
> strike me as a big security vulnerability.  But if you want to call
> it one, you can.
>                       regards, tom lane
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
>        subscribe-nomail command to [EMAIL PROTECTED] so that your
>        message can get through to the mailing list cleanly

---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at


Reply via email to