Re: CVE-2019-9193 about COPY FROM/TO PROGRAM

От: Michael Paquier
Тема: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
Дата: ,
Msg-id: 20190402050501.GN16093@paquier.xyz
(см: обсуждение, исходный текст)
Ответ на: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz")
Ответы: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Brad Nicholson")
Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz")
Список: pgsql-general

Скрыть дерево обсуждения

CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Daniel Verite", )
 Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
  Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
   Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
    Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
     Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Michael Paquier, )
      Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Brad Nicholson", )
       Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Andres Freund, )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Jeff Janes, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Robert Treat, )
       Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Jeremy Schneider, )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
          Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Andres Freund, )
      Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
     Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
    Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Alvaro Herrera, )

On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote:
> +1, though I’d want to see if people get noisier about it before we rule
> out an official response.
>
> A blog post from a reputable author who can speak to security should
> be good enough and we can make noise through our various channels.

Need a hand?  Not sure if I am reputable enough though :)

By the way, it could be the occasion to consider an official
PostgreSQL blog on the main website.  News are not really a model
adapted for problem analysis and for entering into technical details.
--
Michael

Вложения

В списке pgsql-general по дате сообщения:

От: Alban Hertroys
Дата:
Сообщение: Re: WAL Archive Cleanup?
От: "Brad Nicholson"
Дата:
Сообщение: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM