Ok, understood.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
> Tatsuo Ishii <ishii@sraoss.co.jp> writes:
> > One of our engineer claimed that double free bug itself is a
> > vulnerability, thus 8.2.1 release should be called as "security
> > release".
>
> [ shrug... ] AFAICS the crashing bugs we fixed in 8.2.1 can't be
> exploited for anything beyond crashing the backend, and only by an
> attacker who can issue arbitrary SQL commands. There are plenty of
> other ways to cause momentary DOS if you can do that, so it doesn't
> strike me as a big security vulnerability. But if you want to call
> it one, you can.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>