| From: | Michael Banck <michael(dot)banck(at)credativ(dot)de> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | bchen90 <bchen90(at)163(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Which PG version does CVE-2021-20229 affected? |
| Date: | 2021-03-05 13:16:35 |
| Message-ID: | 60422f34.1c69fb81.f76ee.8925@mx.google.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Mar 05, 2021 at 04:38:17PM +0900, Michael Paquier wrote:
> On Fri, Mar 05, 2021 at 12:32:43AM -0700, bchen90 wrote:
> > NVD link:
> >
> > https://nvd.nist.gov/vuln/detail/CVE-2021-20229#vulnCurrentDescriptionTitle
>
> This link includes incorrect information. CVE-2021-20229 is only a
> problem in 13.0 and 13.1, fixed in 13.2. Please see for example here:
> https://www.postgresql.org/support/security/
Probably because the referenced Red Hat bugzilla bug claims it's
affecting all back branches and they scrapes that info from there:
https://bugzilla.redhat.com/show_bug.cgi?id=1925296
Michael
--
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax: +49 2166 9901-100
Email: michael(dot)banck(at)credativ(dot)de
credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer
Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | alvherre@alvh.no-ip.org | 2021-03-05 13:41:09 | Re: libpq debug log |
| Previous Message | Amit Kapila | 2021-03-05 13:14:11 | Re: Parallel INSERT (INTO ... SELECT ...) |