Security Vulnerability Announcements
Ingres provides information on security vulnerabilities that affect Ingres products in the form of formal security disclosures. Announcements for any affected Ingres products are published to the Ingres Security Vulnerability mailing list, VIP mailing list, OpenROAD mailing list, DBA Forums, ‘comps.database.ingres’ group, and Ingres Service Desk the 24X7 online product support application for all Ingres products.
For each Security Vulnerability identified we will supply details of the issue(s) being fixed as well as how to obtain and install the required patches and/or service packs.
In order to facilitate companies in determining an appropriate course of action the announcement will assess the importance of the security vulnerability including; brief explanation of the vulnerability, affected versions, platforms, and overall impact.
Announcement of Security Fixes:
It is Ingres’s policy not to announce security fixes until they are all available for all affected and supported product version and platform combinations. An unannounced vulnerability fix can be included in provided patch updates when some, but not all parts of the vulnerability are fixed, or because the fix is available on some, but not all version-platform combinations of a product. Ingres will only formally disclose, along with identifying acknowledged advisors, after fixes are available for all version and platform combinations.
External Announcements:
Where a new public security vulnerability is identified official vendor statements will be provided at the National Vulnerability Database and can be found by searching by the supplied CVE number.
Official Announcements:
Important - Security Vulnerability Announcement as of August 01, 2008
Important - Security Vulnerability Announcement as of December 17, 2007
Important - Security Vulnerability Announcement as of June 21, 2007
Automatic Notifications:
If you would like to be automatically notified of future Security Vulnerability Announcements subscribe to Ingressvnotification.
