> Hello.
> Could someone look at http://www.freebsd.org/cgi/query-pr.cgi?pr=144863
> ? There is quite serious security issue in postgres, which allow any
> user to kill others' sessions.
>
It's only been a week since it was assigned to the maintainer (girgen@)
to look at.
It's too soon for a maintainer timeout, although I suppose if this is
considered to be an enormous security risk it could be committed without
waiting.
I'd say that's a decision for portmgr@ to make.
--
Gary Jennejohn
I'd say go ahead and commit it. We often waive the two-week period for
security problems.
mcl
Sorry to step in.
8.4 has been corrected since a while, but what about 8.2 and 8.3?
Is the new (non vulnerable) version going to arrive in the port tree
anytime soon or should we plan a version upgrade?
bye & Thanks
av.