Re: Which PG version does CVE-2021-20229 affected?

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: bchen90 <bchen90(at)163(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Which PG version does CVE-2021-20229 affected?
Date: 2021-03-05 07:38:17
Message-ID: YEHf6WPo/u2Hn5FP@paquier.xyz
Lists: pgsql-hackers

On Fri, Mar 05, 2021 at 12:32:43AM -0700, bchen90 wrote:
> NVD link:
>
> https://nvd.nist.gov/vuln/detail/CVE-2021-20229#vulnCurrentDescriptionTitle

This link includes incorrect information. CVE-2021-20229 is only a
problem in 13.0 and 13.1, fixed in 13.2. Please see for example here:
https://www.postgresql.org/support/security/

The commit that fixed the issue is c028faf, mentioning 9ce77d7 as the
origin point, a commit introduced in Postgres 13.
--
Michael
