Re: BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: minaketan(dot)sabar(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities
Date: 2024-11-19 13:54:10
Message-ID: ZzyYgvNeMP7FverV@momjian.us
Lists: pgsql-bugs

On Mon, Nov 18, 2024 at 10:47:39PM -0500, Bruce Momjian wrote:
> On Thu, Nov 7, 2024 at 10:02:01AM +0000, PG Bug reporting form wrote:
> > The following bug has been logged on the website:
> >
> > Bug reference: 18696
> > Logged by: Minaketan Sabar
> > Email address: minaketan(dot)sabar(at)gmail(dot)com
> > PostgreSQL version: Unsupported/Unknown
> > Operating system: Windows Server 2019 Standard
> > Description:
> >
> > Hello Team,
> >
> > I’d like to share the details of an issue and seek guidance:
> >
> > Issue/Query: To address the security vulnerabilities “CVE-2022-37434,
> > CVE-2023-45853,” we are planning to replace the zlib1.dll (currently version
> > 1.2.8, default in PostgreSQL 10.2) with the latest zlib1.dll version 1.3.1.
> > This version is included in PostgreSQL 16, and we intend to update by
> > copying the file from the PostgreSQL 16 installation (PostgreSQL\16\bin
> > folder).
>
> You are running an unsupported version of Postgres, so I think zlib is
> only a minor security issue compared to running PG 10.X --- and you
> didn't even upgrade to the later minor versions of PG 10.

Sorry, I should have also referenced this:

https://www.postgresql.org/support/versioning/

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"
