From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | "Joel Mariadasan (jomariad)" <jomariad(at)cisco(dot)com> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, "Jerin Ittoop (jittoop)" <jittoop(at)cisco(dot)com> |
Subject: | Re: Vulnerability identified with Postgres 13.4 for Windows |
Date: | 2021-10-29 15:52:00 |
Message-ID: | CAKFQuwYJAUOZ-qeGX6pf7MPXNBc0M4TN=AoT4vjw2xobAEZAFw@mail.gmail.com |
Lists: | pgsql-hackers |
On Friday, October 29, 2021, Joel Mariadasan (jomariad) <jomariad(at)cisco(dot)com>
wrote:
> Detected by Automated Scanning tool:
>
> *libxml 2.9.10*
>
> Can you confirm if this is the same version of libxml used in Postgres?
>
> We want to confirm if the detection is a false positive or a vulnerability.
>
IIUC (though I’m more familiar with Linux) the core project has no control
over which versions of external libraries get installed onto one's machine.
In particular the core project only supports compiled from source
installation.
David J.