| From: | Justin Pryzby <pryzby(at)telsasoft(dot)com> |
|---|---|
| To: | "Joel Mariadasan (jomariad)" <jomariad(at)cisco(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, "Jerin Ittoop (jittoop)" <jittoop(at)cisco(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Subject: | Re: Vulnerability identified with Postgres 13.4 for Windows |
| Date: | 2021-10-30 19:10:32 |
| Message-ID: | 20211030191032.GK31568@telsasoft.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Oct 29, 2021 at 10:40:06AM +0000, Joel Mariadasan (jomariad) wrote:
> Hi,
>
> The scanning tool used by our organization has detected the presence of vulnerable libxml version in the latest Postgres 13.4 release for windows (Zip version).
>
> Detected by Automated Scanning tool:
> libxml 2.9.10
>
> Can you confirm if this is the same version of libxml used in Postgres?
> We want to confirm if the detection is a false positive or a vulnerability.
Joel: Could you provide the exact link for the postgres ZIP you used ?
--
Justin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-10-30 20:48:40 | Re: Add additional information to src/test/ssl/README |
| Previous Message | Daniel Gustafsson | 2021-10-30 18:41:45 | Re: Add additional information to src/test/ssl/README |