Re: BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities

On Thu, Nov  7, 2024 at 10:02:01AM +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
> 
> Bug reference:      18696
> Logged by:          Minaketan Sabar
> Email address:      minaketan.sabar@gmail.com
> PostgreSQL version: Unsupported/Unknown
> Operating system:   Windows Server 2019 Standard
> Description:        
> 
> Hello Team,
> 
> I’d like to share the details of an issue and seek guidance:
> 
> Issue/Query: To address the security vulnerabilities “CVE-2022-37434,
> CVE-2023-45853,” we are planning to replace the zlib1.dll (currently version
> 1.2.8, default in PostgreSQL 10.2) with the latest zlib1.dll version 1.3.1.
> This version is included in PostgreSQL 16, and we intend to update by
> copying the file from the PostgreSQL 16 installation (PostgreSQL\16\bin
> folder).

You are running an unsupported version of Postgres, so I think zlib is
only a minor security issue compared to running PG 10.X --- and you
didn't even upgrade to the later minor versions of PG 10.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  When a patient asks the doctor, "Am I going to die?", he means 
  "Am I going to die soon?"