Re: BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities
| От | Bruce Momjian |
|---|---|
| Тема | Re: BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities |
| Дата | |
| Msg-id | ZzyYgvNeMP7FverV@momjian.us обсуждение исходный текст |
| Ответ на | Re: BUG #18696: Compatibility Query for Updating zlib1.dll in PostgreSQL 10.2 to Address Security Vulnerabilities (Bruce Momjian <bruce@momjian.us>) |
| Список | pgsql-bugs |
On Mon, Nov 18, 2024 at 10:47:39PM -0500, Bruce Momjian wrote:
> On Thu, Nov 7, 2024 at 10:02:01AM +0000, PG Bug reporting form wrote:
> > The following bug has been logged on the website:
> >
> > Bug reference: 18696
> > Logged by: Minaketan Sabar
> > Email address: minaketan.sabar@gmail.com
> > PostgreSQL version: Unsupported/Unknown
> > Operating system: Windows Server 2019 Standard
> > Description:
> >
> > Hello Team,
> >
> > I’d like to share the details of an issue and seek guidance:
> >
> > Issue/Query: To address the security vulnerabilities “CVE-2022-37434,
> > CVE-2023-45853,” we are planning to replace the zlib1.dll (currently version
> > 1.2.8, default in PostgreSQL 10.2) with the latest zlib1.dll version 1.3.1.
> > This version is included in PostgreSQL 16, and we intend to update by
> > copying the file from the PostgreSQL 16 installation (PostgreSQL\16\bin
> > folder).
>
> You are running an unsupported version of Postgres, so I think zlib is
> only a minor security issue compared to running PG 10.X --- and you
> didn't even upgrade to the later minor versions of PG 10.
Sorry, I should have also referenced this:
https://www.postgresql.org/support/versioning/
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"
В списке pgsql-bugs по дате отправления: