From: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
---|---|
To: | "Mathews, Rob" <rpmathe(at)sandia(dot)gov>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Subject: | Re: CVE-2024-28849 |
Date: | 2024-04-18 17:25:38 |
Message-ID: | b58f9bae-80d4-442c-a4ca-557733ba47c7@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On 4/18/24 11:27 AM, Mathews, Rob wrote:
> All,
>
> CVE-2024-28849 was found in Version 15.6 and 16.2 this week. Please
> refer to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849
> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849> for
> issues and corrections.
>
> The Binaries .zip files were the files scanned and found with the
> vulnerability. There are no known workarounds for this vulnerability.
PostgreSQL doesn't have any dependencies on node.js, let alone
JavaScript. This CVE doesn't apply to PostgreSQL.
If you are using a package to install PostgreSQL (as it sounds like you
are), you'll need to reach out to the package maintainers.
Jonathan
From | Date | Subject | |
---|---|---|---|
Next Message | Jerry Sievert | 2024-04-18 17:37:27 | Re: CVE-2024-28849 |
Previous Message | Mathews, Rob | 2024-04-18 15:27:53 | CVE-2024-28849 |