> On 29 Aug 2024, at 14:54, James Watt <crispy.james.watt@gmail.com> wrote:
>
> Our tool have detected that postgre in the version of REL9_6_18~ REL9_6_24 may also affected by the vulnerability
CVE-2022-2625.The vulnerability database does not include these versions and you may not fix it in the REL9_6 branch.
Isthere a need to backport the patch of CVE-2022-2625?
9.6 was EOL at the time of 2022-2625 being announced and thus wasn't considered
for a backport of the fix, the project only applies fixes to supported
versions. Anyone still running 9.6 in production is highly recommended to
upgrade to a supported version.
--
Daniel Gustafsson