Your message dated Tue, 15 Feb 2005 18:58:09 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Closing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Feb 2005 16:30:32 +0000
>From [EMAIL PROTECTED] Wed Feb 09 08:30:32 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CyujY-00025z-00; Wed, 09 Feb 2005 08:30:32 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id A1B6017F13
for <[EMAIL PROTECTED]>; Wed, 9 Feb 2005 16:29:11 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 27CE26E20E; Wed, 9 Feb 2005 11:30:54 -0500 (EST)
Date: Wed, 9 Feb 2005 11:30:54 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: multiple buffer overflows in gram.y (CAN-2005-0247)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="8t9RHnE3ZwKMSgU+"
Content-Disposition: inline
X-Reportbug-Version: 3.7.1
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--8t9RHnE3ZwKMSgU+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: postgresql
Version: 7.4.7-1
Severity: grave
Tags: security patch
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may al=
low
attackers to execute arbitrary code via (1) a large number of variables in a
SQL statement being handled by the read_sql_construct function, (2) a large
number of INTO variables in a SELECT statement being handled by the
make_select_stmt function, (4) a large number of arbitrary variables in a
SELECT statement being handled by the make_select_stmt function, and (4) a
large number of INTO variables in a FETCH statement being handled by the
make_fetch_stmt function, a different set of vulnerabilities than
CAN-2005-0245.
This is fixed in cvs for version 7.4 here:
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.=
diff?r1=3D1.48.2.1;r2=3D1.48.2.2
--=20
see shy jo
--8t9RHnE3ZwKMSgU+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCCjq+d8HHehbQuO8RAvtnAKCwNUGr5/jOAqDwg5azkjoQgr5/JgCdEfpl
cqj1fn3zhindk84c02Pt80g=
=rbMu
-----END PGP SIGNATURE-----
--8t9RHnE3ZwKMSgU+--
---------------------------------------
Received: (at 294406-done) by bugs.debian.org; 15 Feb 2005 17:58:40 +0000
>From [EMAIL PROTECTED] Tue Feb 15 09:58:40 2005
Return-path: <[EMAIL PROTECTED]>
Received: from box79162.elkhouse.de [213.9.79.162]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D16y8-0002FI-00; Tue, 15 Feb 2005 09:58:40 -0800
Received: from martin by box79162.elkhouse.de with local (Exim 4.34)
id 1D16xd-0000je-9P
for [EMAIL PROTECTED]; Tue, 15 Feb 2005 18:58:09 +0100
Date: Tue, 15 Feb 2005 18:58:09 +0100
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Closing
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="PNTmBPCT7hxwcZjr"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.0 required=4.0 tests=BAYES_00,ONEWORD autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--PNTmBPCT7hxwcZjr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
All releases (Sarge, Sid, Woody) are fixed now, closing.
Martin
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org
--PNTmBPCT7hxwcZjr
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCEjgxDecnbV4Fd/IRAl6iAKCNgnw6nO+8XDtxljPWnczPPV+zCQCg38x7
F/qBrWAzS2YvbWuV3RsnnMg=
=4dbN
-----END PGP SIGNATURE-----
--PNTmBPCT7hxwcZjr--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
