From: | Erik Wienhold <ewie(at)ewie(dot)name> |
---|---|
To: | Cedric Aaron Towstyka <Cedric-Aaron(dot)Towstyka(at)barmenia(dot)de>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Information to CVE-2022-42889 |
Date: | 2022-11-08 11:27:33 |
Message-ID: | 985333330.298748.1667906853727@office.mailbox.org |
Lists: | pgsql-general |
> On 08/11/2022 11:50 CET Cedric Aaron Towstyka <cedric-aaron(dot)towstyka(at)barmenia(dot)de> wrote:
>
> The German bureau for IT-Security "BSI" (Bundesamt für Sicherheit in der
> Informationstechnik) has issued a warning for CVE-2022-42889 with the name
> commons-text. Insurance companies are obliged to analyse the installed
> software for vulnerabilities of this type. As the Barmenia is using your
> product PostgreSQL Server it is necessary to obtain all information regarding
> any vulnerability against above CVE. We kindly ask you to provide information
> if the above product is affected by the CVE and if yes, when a fix will be
> available.

Postgres does not use Java and should not be affected. Maybe if you use
PL/Java[1].

This CVE reminds me of Log4j from last year[2].

[1] https://tada.github.io/pljava/
[2] https://www.postgresql.org/message-id/flat/30390f0b07fd4d90b1aacb683ebfae45%40pictet.com

--
Erik