Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept
- From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
- To: "Martijn van Oosterhout" <kleptog(at)svana(dot)org>
- Cc: "Simon Riggs" <simon(at)2ndquadrant(dot)com>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org>
- Subject: Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept
- Date: Fri, 25 Nov 2005 22:10:22 +0100
- Message-id: <6BCB9D8A16AC4241919521715F4D8BCE92E8A0(at)algol(dot)sollentuna(dot)se>
> > > > We really should write the CVE numbers into the commit messages > > > > and the release notes. > > > > > > I think that would be good. > > > > That requires the CVE number to be available at the time of commit. > > Not sure if it'll always be. But if it is, it's certainly a > good idea > > to put it in. > > I think that depends on who discovers it. CVEs are assigned > even if it's not clear that the vulnerability is exploitable. > In anycase, some distributors (like Debian) already track > CVEs on your behalf. In general they refer to the CVE when > releasing fixes. Right. This is exactly why it's good to have a list of our own, so ppl can cross reference. > In any case, PostgreSQL already seems to have had 29 CVEs logged: > > http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=postgresql Not quite that many. Several of those are not for postgresql at all, but for third party products *using* postgresql. //Magnus
- Prev by Date: Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to
- Next by Date: Re: SHOW ALL output too wide
- Previous by thread: Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept
- Next by thread: POWER vs. POW ???
- Indexes: