| From: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
|---|---|
| To: | "Mathews, Rob" <rpmathe(at)sandia(dot)gov>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: CVE-2024-28849 |
| Date: | 2024-04-18 17:25:38 |
| Message-ID: | b58f9bae-80d4-442c-a4ca-557733ba47c7@postgresql.org |
| Lists: | pgsql-bugs |

On 4/18/24 11:27 AM, Mathews, Rob wrote:
> All,
>
> CVE-2024-28849 was found in Version 15.6 and 16.2 this week. Please
> refer to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849 for
> issues and corrections.
>
> The Binaries .zip files were the files scanned and found with the
> vulnerability. There are no known workarounds for this vulnerability.

PostgreSQL doesn't have any dependencies on node.js, let alone
JavaScript. This CVE doesn't apply to PostgreSQL.

If you are using a package to install PostgreSQL (as it sounds like you
are), you'll need to reach out to the package maintainers.

Jonathan