Обсуждение: Impact of CVE-2014-2669
We received notice of the following :
advisory:
31864 postgresql92-postgresql security update
http://www.securityfocus.com/advisories/31864
31864 postgresql92-postgresql security update
http://www.securityfocus.com/advisories/31864
Web Page:Bug 1082154 - (CVE-2014-2669) CVE-2014-2669 postgresql: multiple integer overflo
https://bugzilla.redhat.com/show_bug.cgi?id=1082154
https://bugzilla.redhat.com/show_bug.cgi?id=1082154
From what I can tell in reading it, it impacts the database engine not the client tools such as pgAdmin III. I have the latest version installed on my PC, 1.18.1, yet my company is requesting me to update or remove the tool. As this is the current release, this is obviously not possible.
Is pgAdmin III version 1.18.1 impacted by this threat?
If release 1.18.1 is impacted, is there an estimate as to when a solution will be released?
Thank you,
Tim Hearne
On Wed, Jun 25, 2014 at 5:50 PM, HEARNE, TIMOTHY S <th1618@att.com> wrote: > We received notice of the following : > advisory: > 31864 postgresql92-postgresql security update > http://www.securityfocus.com/advisories/31864 > > Web Page:Bug 1082154 - (CVE-2014-2669) CVE-2014-2669 postgresql: multiple > integer overflo > https://bugzilla.redhat.com/show_bug.cgi?id=1082154 > > From what I can tell in reading it, it impacts the database engine not the > client tools such as pgAdmin III. I have the latest version installed on my > PC, 1.18.1, yet my company is requesting me to update or remove the tool. > As this is the current release, this is obviously not possible. > > Is pgAdmin III version 1.18.1 impacted by this threat? > > If release 1.18.1 is impacted, is there an estimate as to when a solution > will be released? This has nothing to do with pgAdmin, it is, as you say, a server bug. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company