Home > mailing lists

Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4 - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4
Date	June 8, 2022 23:15:47
Msg-id	1740804.1654719347@sss.pgh.pa.us Whole thread Raw
In response to	Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4 (Roberto C. Sánchez <roberto@debian.org>)
Responses	Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4
List	pgsql-hackers

Tree view

Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto@debian.org> writes:
> I am investigating backporting the fixes for CVE-2022-1552 to 9.6 and
> 9.4 as part of Debian LTS and Extended LTS.  I am aware that these
> releases are no longer supported upstream, but I have made an attempt at
> adapting commits ef792f7856dea2576dcd9cab92b2b05fe955696b and
> f26d5702857a9c027f84850af48b0eea0f3aa15c from the REL_10_STABLE branch.
> I would appreciate a review of the attached patches and any comments on
> things that may have been missed and/or adapted improperly.

FWIW, I would not recommend being in a huge hurry to back-port those
changes, pending the outcome of this discussion:

https://www.postgresql.org/message-id/flat/f8a4105f076544c180a87ef0c4822352%40stmuk.bayern.de

We're going to have to tweak that code somehow, and it's not yet
entirely clear how.

            regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 08 June 2022, 23:01:43
Subject: Re: Collation version tracking for macOS

From: Robert Haas
Date: 08 June 2022, 23:19:52
Subject: Re: Collation version tracking for macOS

Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4 - Mailing list pgsql-hackers

Previous

Next