Search Postgresql Archives

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"David G. Johnston" <david.g.johnston@xxxxxxxxx> writes:
> On Thursday, November 21, 2024, Subhash Udata <subhashudata@xxxxxxxxx>
> wrote:
>> The PostgreSQL documentation mentions that the versions with a fix for
>> CVE-2024-10979 are *17.1, 16.5, 15.9, 14.14, 13.17, and 12.21*. However,
>> your reply states that any version greater than 13+ should suffice.
>> Could you please confirm if upgrading to one of the specific versions
>> listed above is mandatory, or is it acceptable to upgrade to any version
>> higher than 13

Minor versions earlier than those do not contain the fix.

> The fact you are on version 11 means you should not expect an answer to the
> question whether this newly discovered CVE affects you - that would be
> expecting support for a long-unsupported version.

The Postgres security team does not ordinarily test out-of-support
branches, so no official answer to that will be forthcoming.
Unofficially, however, I have no doubt that this bug is quite ancient.

			regards, tom lane





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux