David Garamond wrote:
> Gaetano Mendola wrote:
>
>> Neil Conway wrote:
>> > Gaetano Mendola wrote:
>> >
>> >> Here http://www.sans.org/top20/#u9
>> >> are listed postgres vulnerability it's sad see that almost all
>> >> are related to third part components
>> >
>> >
>> > "Almost all"? By my count, 12 of the 17 vulnerabilities refer to
>> > legitimate problems in PostgreSQL, its RPM distribution, or the ODBC
>> > driver.
>>
>> I consider RPM distribution and ODBC driver as third part component.
>
>
> Unless the vulnerability is introduced by a patch in the RPM, RPM is
> just a compiled version of the original. Thus, not third party code.
Well the RPM issue was about wrong file permission, do you think this is
a postgres vulnerability ?
Regards
Gaeatano Mendola