On Wed, Jun 08, 2022 at 04:15:47PM -0400, Tom Lane wrote:
> Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto@debian.org> writes:
> > I am investigating backporting the fixes for CVE-2022-1552 to 9.6 and
> > 9.4 as part of Debian LTS and Extended LTS. I am aware that these
> > releases are no longer supported upstream, but I have made an attempt at
> > adapting commits ef792f7856dea2576dcd9cab92b2b05fe955696b and
> > f26d5702857a9c027f84850af48b0eea0f3aa15c from the REL_10_STABLE branch.
> > I would appreciate a review of the attached patches and any comments on
> > things that may have been missed and/or adapted improperly.
>
> FWIW, I would not recommend being in a huge hurry to back-port those
> changes, pending the outcome of this discussion:
>
> https://www.postgresql.org/message-id/flat/f8a4105f076544c180a87ef0c4822352%40stmuk.bayern.de
>
Thanks for the pointer.
> We're going to have to tweak that code somehow, and it's not yet
> entirely clear how.
>
I will monitor the discussion to see what comes of it.
Regards,
-Roberto
--
Roberto C. Sánchez