| From: | Roberto C(dot) Sánchez <roberto(at)debian(dot)org> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4 |
| Date: | 2022-06-08 21:31:09 |
| Message-ID: | YqEVHfKcFp3ev2v7@connexer.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jun 08, 2022 at 04:15:47PM -0400, Tom Lane wrote:
> Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto(at)debian(dot)org> writes:
> > I am investigating backporting the fixes for CVE-2022-1552 to 9.6 and
> > 9.4 as part of Debian LTS and Extended LTS. I am aware that these
> > releases are no longer supported upstream, but I have made an attempt at
> > adapting commits ef792f7856dea2576dcd9cab92b2b05fe955696b and
> > f26d5702857a9c027f84850af48b0eea0f3aa15c from the REL_10_STABLE branch.
> > I would appreciate a review of the attached patches and any comments on
> > things that may have been missed and/or adapted improperly.
>
> FWIW, I would not recommend being in a huge hurry to back-port those
> changes, pending the outcome of this discussion:
>
> https://www.postgresql.org/message-id/flat/f8a4105f076544c180a87ef0c4822352%40stmuk.bayern.de
>
Thanks for the pointer.
> We're going to have to tweak that code somehow, and it's not yet
> entirely clear how.
>
I will monitor the discussion to see what comes of it.
Regards,
-Roberto
--
Roberto C. Sánchez
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2022-06-08 21:42:48 | Tightening behaviour for non-immutable behaviour in immutable functions |
| Previous Message | Robert Haas | 2022-06-08 21:23:24 | BTMaxItemSize seems to be subtly incorrect |