Re: CVE-2019-9193 about COPY FROM/TO PROGRAM

От: Jonathan S. Katz
Тема: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
Дата: ,
Msg-id: cf1c698a-3ac5-46f4-cffe-d235acd8f6e0@postgresql.org
(см: обсуждение, исходный текст)
Ответ на: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Michael Paquier)
Список: pgsql-general

Скрыть дерево обсуждения

CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Daniel Verite", )
 Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
  Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
   Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
    Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
     Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Michael Paquier, )
      Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Brad Nicholson", )
       Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Andres Freund, )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Jeff Janes, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Robert Treat, )
       Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Jeremy Schneider, )
        Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Tom Lane, )
         Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
          Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Andres Freund, )
      Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  ("Jonathan S. Katz", )
     Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Magnus Hagander, )
    Re: CVE-2019-9193 about COPY FROM/TO PROGRAM  (Alvaro Herrera, )

On 4/2/19 1:05 AM, Michael Paquier wrote:
> On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote:
>> +1, though I’d want to see if people get noisier about it before we rule
>> out an official response.
>>
>> A blog post from a reputable author who can speak to security should
>> be good enough and we can make noise through our various channels.
>
> Need a hand?  Not sure if I am reputable enough though :)

I believe you are, and any blog entries helping the matter are welcome :)

> By the way, it could be the occasion to consider an official
> PostgreSQL blog on the main website.  News are not really a model
> adapted for problem analysis and for entering into technical details.

I think this is warrants a longer discussion, albeit for a different day.

Jonathan


Вложения

В списке pgsql-general по дате сообщения:

От: "Brad Nicholson"
Дата:
Сообщение: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM
От: Tom Lane
Дата:
Сообщение: Re: logical replication - negative bitmapset member not allowed