| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | James Watt <crispy(dot)james(dot)watt(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: [BUG] Security bugs affected version detected. |
| Date: | 2024-08-29 13:00:37 |
| Message-ID: | 153AB376-A1F3-4406-B7BB-5677B79939F5@yesql.se |
| Lists: | pgsql-hackers |
> On 29 Aug 2024, at 14:54, James Watt <crispy(dot)james(dot)watt(at)gmail(dot)com> wrote:
>
> Our tool has detected that postgre in the version of REL9_6_18~ REL9_6_24 may also be affected by the vulnerability CVE-2022-2625. The vulnerability database does not include these versions and you may not fix it in the REL9_6 branch. Is there a need to backport the patch of CVE-2022-2625?

9.6 was EOL at the time of 2022-2625 being announced and thus wasn't considered
for a backport of the fix; the project only applies fixes to supported
versions. Anyone still running 9.6 in production is highly recommended to
upgrade to a supported version.
--
Daniel Gustafsson