Comment 2 for bug 12704

Message-ID: <email address hidden>
Date: Wed, 9 Feb 2005 11:30:54 -0500
From: Joey Hess <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: multiple buffer overflows in gram.y (CAN-2005-0247)

--8t9RHnE3ZwKMSgU+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: postgresql
Version: 7.4.7-1
Severity: grave
Tags: security patch

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may al=
low
attackers to execute arbitrary code via (1) a large number of variables in a
SQL statement being handled by the read_sql_construct function, (2) a large
number of INTO variables in a SELECT statement being handled by the
make_select_stmt function, (4) a large number of arbitrary variables in a
SELECT statement being handled by the make_select_stmt function, and (4) a
large number of INTO variables in a FETCH statement being handled by the
make_fetch_stmt function, a different set of vulnerabilities than
CAN-2005-0245.

This is fixed in cvs for version 7.4 here:
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/pl/plpgsql/src/gram.y.=
diff?r1=3D1.48.2.1;r2=3D1.48.2.2

--=20
see shy jo

--8t9RHnE3ZwKMSgU+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCCjq+d8HHehbQuO8RAvtnAKCwNUGr5/jOAqDwg5azkjoQgr5/JgCdEfpl
cqj1fn3zhindk84c02Pt80g=
=rbMu
-----END PGP SIGNATURE-----

--8t9RHnE3ZwKMSgU+--