| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | misha1966 misha1966 <mmisha1966(at)bk(dot)ru>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: CVE-2022-2625 |
| Date: | 2022-09-14 16:58:30 |
| Message-ID: | d58aa202eee6f4e95d7f5beb0379306e62fcb87a.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, 2022-09-14 at 17:02 +0300, misha1966 misha1966 wrote:
> Tell me, is there a CVE-2022-2625 vulnerability in posgresql 9.5?
> If so, who knows how to patch it? Patches from version 10 are not suitable at all...
Yes, that vulnerability exists in 9.5.
To patch that, you'd have to try and backpatch the commit to 9.5 yourself:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b9b21acc766db54d8c337d508d0fe2f5bf2daab0
Since 9.5 is out of support, there are no more bugfixes for it provided
by the community. If security were a real concern for you, you would
certainly not be running a PostgreSQL version that is out of support.
Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marcos Pegoraro | 2022-09-14 19:33:47 | massive update on gin index |
| Previous Message | jian he | 2022-09-14 16:16:59 | understand pg_ndistinct type && Why with(autovacuum_enabled=off) some query estimate 100, some is 200. |