Quick Links

Re: Which PG version does CVE-2021-20229 affected?

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	bchen90 <bchen90(at)163(dot)com>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Which PG version does CVE-2021-20229 affected?
Date:	2021-03-05 07:38:17
Message-ID:	YEHf6WPo/u2Hn5FP@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, Mar 05, 2021 at 12:32:43AM -0700, bchen90 wrote:
> NVD link：
>
> https://nvd.nist.gov/vuln/detail/CVE-2021-20229#vulnCurrentDescriptionTitle

This link includes incorrect information. CVE-2021-20229 is only a
problem in 13.0 and 13.1, fixed in 13.2. Please see for example here:
https://www.postgresql.org/support/security/

The commit that fixed the issue is c028faf, mentioning 9ce77d7 as the
origin point, a commit introduced in Postgres 13.
--
Michael

In response to

Which PG version does CVE-2021-20229 affected? at 2021-03-05 07:32:43 from bchen90

Responses

Re: Which PG version does CVE-2021-20229 affected? at 2021-03-05 08:19:21 from Thomas Kellerer
Re: Which PG version does CVE-2021-20229 affected? at 2021-03-05 13:16:35 from Michael Banck

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Kyotaro Horiguchi	2021-03-05 07:51:17	Re: 011_crash_recovery.pl intermittently fails
Previous Message	Michael Paquier	2021-03-05 07:33:12	Re: [PATCH] pgbench: Bug fix for the -d option