Re: BUG #18193: CVE-2019-9193

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: sumanth(dot)vankineni(at)gmail(dot)com
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #18193: CVE-2019-9193
Date: 2023-11-13 15:20:30
Message-ID: 1985242.1699888830@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> Just wanted to give an update, I'm not sure if it's mentioned anywhere on
> the website. The PostgreSQl version 13.7 is also vuln to the
> CVE-2019-9193.
> The CVE states only In PostgreSQL 9.3 through 11.2.

Please see

https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/

That CVE is erroneous in full, and so the fact that it also misstates
relevant versions is hardly surprising.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message David G. Johnston 2023-11-13 15:30:18 Re: BUG #18193: CVE-2019-9193
Previous Message hubert depesz lubaczewski 2023-11-13 12:17:22 Re: BUG #18193: CVE-2019-9193