John R Pierce wrote: > Bruce Momjian wrote: > > If someone wants to create a separate web page to track fixes related to > > CVE number, that is fine. My guess is that most people reading the > > release notes don't care about the CVE numbers themselves (just that > > each release has all known security bugs fixed), and most bugs that are > > fixed don't have CVE numbers at commit time. > > I think its quite reasonable for the one line description of a postgres > bug to reference "CVE-2005-0247 multiple buffer overflows..." or > whatever, I guess it kind of depends on which came first... if the CVE > security item came first, and was entered into the PGSQL bug tracker, > then this makes a LOT of sense. if the CVE folks create their entry > AFTER the bug has been entered into PGSQL, it makes less sense.
We don't have a bug tracker, see the current FAQ. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 9: In versions below 8.0, the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match
