This was sent to pgsql-security, but there's no security issue as such,
so reposting to the list where people can fix it.
regards, tom lane
------- Forwarded Message
Date: Fri, 28 Mar 2014 15:41:48 +0000
From: "Christey, Steven M." <coley@mitre.org>
To: "security@postgresql.org" <security@postgresql.org>
cc: Assign a CVE Identifier <cve-assign@mitre.org>
Subject: [pgsql-security] Incorrect CVE mappings in http://www.postgresql.org/support/security/ page
Hello,
On your http://www.postgresql.org/support/security/ page, you have the entries for CVE-2014-0063 and CVE-2014-0064
switched. That is, CVE-2014-0063 should be for the "Potential buffer overruns in datetime input/output," and
CVE-2014-0064should be for "Potential buffer overruns due to integer overflow in size calculations."
If you can fix this, it could reduce confusion by some people. This might be the only page containing the erroneous
mapping. Other PostgreSQL pages, including the commits, associate CVE-2014-0063 with datetime and CVE-2014-0064 with
theinteger overflows.
Regards,
Steve Christey Coley
CVE assignment team, MITRE CVE Numbering Authority
------- End of Forwarded Message
