Re: CVE-2022-2625

From: Ron <ronljohnsonjr(at)gmail(dot)com>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: CVE-2022-2625
Date: 2022-09-15 15:05:14
Message-ID: a3d49a53-38cb-52ce-5564-45258bc29693@gmail.com
Lists: pgsql-general

There are nine months of bug fixes.

On 9/15/22 09:52, misha1966 misha1966 wrote:
> Is there a patch for 9.6 ?
>
> Thursday, 15 September 2022, 17:55 +09:00 from Ron <ronljohnsonjr(at)gmail(dot)com>:
> Software is only certified for 9.5?  Hopefully you're running 9.5.25.
>
> I feel your pain... we've got some databases that will stay at 9.6 for
> another year.
> On 9/14/22 23:24, misha1966 misha1966 wrote:
>> All business processes are hooked on postgresql 9.5. There is no way
>> to update.
>> Unfortunately, I don't have the proper qualifications to change it.
>>
>> Thursday, 15 September 2022, 1:58 +09:00 from Laurenz Albe
>> <laurenz(dot)albe(at)cybertec(dot)at>:
>> On Wed, 2022-09-14 at 17:02 +0300, misha1966 misha1966 wrote:
>> > Tell me, is there a CVE-2022-2625 vulnerability in postgresql 9.5?
>> > If so, who knows how to patch it? Patches from version 10 are
>> > not suitable at all...
>>
>> Yes, that vulnerability exists in 9.5.
>>
>> To patch that, you'd have to try and backpatch the commit to 9.5
>> yourself:
>> https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b9b21acc766db54d8c337d508d0fe2f5bf2daab0
>>
>> Since 9.5 is out of support, there are no more bugfixes for it provided
>> by the community. If security were a real concern for you, you would
>> certainly not be running a PostgreSQL version that is out of support.
>>
>> Yours,
>> Laurenz Albe
>> --
>> Cybertec | https://www.cybertec-postgresql.com
>>
> --
> Angular momentum makes the world go 'round.
>

--
Angular momentum makes the world go 'round.
