Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4 - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4
Msg-id 1740804.1654719347@sss.pgh.pa.us
In response to Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4  (Roberto C. Sánchez <roberto@debian.org>)
Responses Re: Request for assistance to backport CVE-2022-1552 fixes to 9.6 and 9.4
List pgsql-hackers
Roberto C. Sánchez <roberto@debian.org> writes:
> I am investigating backporting the fixes for CVE-2022-1552 to 9.6 and
> 9.4 as part of Debian LTS and Extended LTS.  I am aware that these
> releases are no longer supported upstream, but I have made an attempt at
> adapting commits ef792f7856dea2576dcd9cab92b2b05fe955696b and
> f26d5702857a9c027f84850af48b0eea0f3aa15c from the REL_10_STABLE branch.
> I would appreciate a review of the attached patches and any comments on
> things that may have been missed and/or adapted improperly.

FWIW, I would not recommend being in a huge hurry to back-port those
changes, pending the outcome of this discussion:

https://www.postgresql.org/message-id/flat/f8a4105f076544c180a87ef0c4822352%40stmuk.bayern.de

We're going to have to tweak that code somehow, and it's not yet
entirely clear how.

            regards, tom lane


