| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Roberto C(dot) Sánchez <roberto(at)debian(dot)org> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4 |
| Date: | 2022-06-08 20:15:47 |
| Message-ID: | 1740804.1654719347@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto(at)debian(dot)org> writes:
> I am investigating backporting the fixes for CVE-2022-1552 to 9.6 and
> 9.4 as part of Debian LTS and Extended LTS. I am aware that these
> releases are no longer supported upstream, but I have made an attempt at
> adapting commits ef792f7856dea2576dcd9cab92b2b05fe955696b and
> f26d5702857a9c027f84850af48b0eea0f3aa15c from the REL_10_STABLE branch.
> I would appreciate a review of the attached patches and any comments on
> things that may have been missed and/or adapted improperly.
FWIW, I would not recommend being in a huge hurry to back-port those
changes, pending the outcome of this discussion:
https://www.postgresql.org/message-id/flat/f8a4105f076544c180a87ef0c4822352%40stmuk.bayern.de
We're going to have to tweak that code somehow, and it's not yet
entirely clear how.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2022-06-08 20:19:52 | Re: Collation version tracking for macOS |
| Previous Message | Tom Lane | 2022-06-08 20:01:43 | Re: Collation version tracking for macOS |