| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Michael Banck <michael(dot)banck(at)credativ(dot)de> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, bchen90 <bchen90(at)163(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Which PG version does CVE-2021-20229 affected? |
| Date: | 2021-03-05 14:48:43 |
| Message-ID: | 1462545.1614955723@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Michael Banck <michael(dot)banck(at)credativ(dot)de> writes:
> On Fri, Mar 05, 2021 at 04:38:17PM +0900, Michael Paquier wrote:
>> This link includes incorrect information. CVE-2021-20229 is only a
>> problem in 13.0 and 13.1, fixed in 13.2. Please see for example here:
>> https://www.postgresql.org/support/security/
> Probably because the referenced Red Hat bugzilla bug claims it's
> affecting all back branches and they scrapes that info from there:
> https://bugzilla.redhat.com/show_bug.cgi?id=1925296
Indeed. Must have been some internal miscommunication in Red Hat,
because we certainly gave them the right info when we filed for the
CVE number. I've commented on that BZ entry, hopefully that'll be
enough to get them to update things.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas Karlsson | 2021-03-05 15:19:44 | Re: [PATCH] regexp_positions ( string text, pattern text, flags text ) → setof int4range[] |
| Previous Message | Dean Rasheed | 2021-03-05 14:32:29 | Re: PoC/WIP: Extended statistics on expressions |