lurcher / unixODBC

The unixODBC Project goals are to develop and promote unixODBC to be the definitive standard for ODBC on non MS Windows platforms.
GNU Lesser General Public License v2.1

CVE-2024-1013: PostgreSQL driver: Fix incompatible pointer-to-integer types #157

Closed fweimer-rh closed 5 months ago

fweimer-rh commented 5 months ago

These result in out-of-bounds stack writes on 64-bit architectures (caller has 4 bytes, callee writes 8 bytes), and seem to have gone unnoticed on little-endian architectures (although big-endian architectures must be broken).

This change is required to avoid a build failure with GCC 14.

I'll ask Red Hat Product Security if they think this needs to be tracked as a security vulnerability.

Related to:
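The width mismatch fweimer-rh describes above, reduced to a stand-alone model. This is an added example, not code from unixODBC or the Postgre7.1 driver: the typedef names mirror ODBC's SQLINTEGER and SQLLEN on an LP64 target, but the callee, the caller's frame layout and the fill pattern are assumptions made for illustration. The caller's frame is modelled as a byte array so the 8-byte store into a 4-byte slot can be observed without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of the two ODBC integer widths on an LP64 target (assumption:
 * 64-bit Linux). SQLINTEGER stays 4 bytes; SQLLEN is 8 bytes.
 */
typedef int32_t SQLINTEGER;
typedef int64_t SQLLEN;

/*
 * The caller's stack frame, modelled as a byte array: bytes 0..3 are the
 * 4-byte variable the caller handed out, bytes 4..7 are whatever lives
 * next to it (filled with a constructed pattern so clobbering is visible).
 */
#define NEIGHBOUR_FILL 0xAA

static int host_is_little_endian(void)
{
    uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Callee written against SQLLEN *: it always stores sizeof(SQLLEN) bytes. */
static void callee_stores_sqllen(unsigned char *out, SQLLEN value)
{
    memcpy(out, &value, sizeof value);
}

/* Buggy shape: the caller owns a 4-byte slot, the callee stores 8 bytes. */
static void run_buggy(SQLLEN produced, unsigned char frame[8])
{
    memset(frame, NEIGHBOUR_FILL, 8);
    callee_stores_sqllen(frame, produced);   /* 4 bytes land outside the slot */
}

/* What the caller's SQLINTEGER reads back after the mismatched call. */
static SQLINTEGER buggy_call_value(SQLLEN produced)
{
    unsigned char frame[8];
    SQLINTEGER seen;
    run_buggy(produced, frame);
    memcpy(&seen, frame, sizeof seen);
    return seen;
}

/* 1 if the 4 bytes next to the caller's variable were overwritten. */
static int buggy_call_clobbers_neighbour(SQLLEN produced)
{
    unsigned char frame[8];
    unsigned char untouched[4] = { NEIGHBOUR_FILL, NEIGHBOUR_FILL,
                                   NEIGHBOUR_FILL, NEIGHBOUR_FILL };
    run_buggy(produced, frame);
    return memcmp(frame + 4, untouched, 4) != 0;
}

/* Fixed shape: the caller declares the out-variable with the callee's type. */
static SQLLEN fixed_call(SQLLEN produced)
{
    SQLLEN out;
    callee_stores_sqllen((unsigned char *)&out, produced);
    return out;
}

int main(void)
{
    SQLLEN len = 42;
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("buggy caller reads back: %d (neighbour clobbered: %d)\n",
           (int)buggy_call_value(len), buggy_call_clobbers_neighbour(len));
    printf("fixed caller reads back: %lld\n", (long long)fixed_call(len));
    return 0;
}
```

On LP64 the 8-byte store overruns the 4-byte variable by 4 bytes regardless of byte order. On a little-endian host the low half of the value lands in the caller's variable, so small values read back correctly and the only damage is to the neighbouring 4 bytes, which is why the bug can go unnoticed there. On a big-endian host the variable receives the high half (zero for small values), so the returned length itself is wrong. GCC 14 makes -Wincompatible-pointer-types an error by default, which is the build failure the issue refers to; the fix is the fixed_call shape, declaring the out-variable with the callee's pointee type instead of casting the pointer.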

fweimer-rh commented 5 months ago

Red Hat Product Security has assigned CVE-2024-1013 to this issue.

jubalh commented 5 months ago

> Red Hat Product Security has assigned CVE-2024-1013 to this issue.

Isn't Drivers/Postgre7.1/info.c just an example driver that shouldn't be used/built in production anyways?

The drivers in here are historical ones or example drivers. They are not supported anymore. But can be used as a starting point to write your own.

From https://github.com/lurcher/unixODBC/blob/master/Drivers/README

lurcher commented 5 months ago

On 29/01/2024 09:25, Michael Vetter wrote:

> Red Hat Product Security has assigned CVE-2024-1013 to this issue.
>
> Isn't Drivers/Postgre7.1/info.c just an example driver that shouldn't be used in production anyways?

Yep, very old driver. I guess I will make the change to just keep the peace.

fweimer-rh commented 5 months ago

> Red Hat Product Security has assigned CVE-2024-1013 to this issue.
>
> Isn't Drivers/Postgre7.1/info.c just an example driver that shouldn't be used/built in production anyways?

Ugh, I had no idea. Looks like we keep building these drivers, but they do not end up shipping as far as I can tell.

jubalh commented 5 months ago

> Ugh, I had no idea. Looks like we keep building these drivers, but they do not end up shipping as far as I can tell.

openSUSE uses psqlODBC instead.

kloczek commented 5 months ago

Is it possible to release a new version because of this commit? 🤔