Vulnerability identified with Postgres 13.4 for Windows

From: "Joel Mariadasan (jomariad)" <jomariad(at)cisco(dot)com>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Cc: "Jerin Ittoop (jittoop)" <jittoop(at)cisco(dot)com>
Subject: Vulnerability identified with Postgres 13.4 for Windows
Date: 2021-10-29 10:40:06
Message-ID: DM6PR11MB3452AFC9925606D0DA0E3EDBD7879@DM6PR11MB3452.namprd11.prod.outlook.com
Lists: pgsql-hackers

Hi,

The scanning tool used by our organization has detected the presence of a vulnerable libxml version in the latest Postgres 13.4 release for Windows (Zip version).

Detected by Automated Scanning tool:
libxml 2.9.10

Can you confirm if this is the same version of libxml used in Postgres?
We want to confirm if the detection is a false positive or a vulnerability.

Regards,
Joel