Re: Vulnerability identified with Postgres 13.4 for Windows - Mailing list pgsql-hackers

From David G. Johnston
Subject Re: Vulnerability identified with Postgres 13.4 for Windows
Date
Msg-id CAKFQuwYJAUOZ-qeGX6pf7MPXNBc0M4TN=AoT4vjw2xobAEZAFw@mail.gmail.com
In response to Vulnerability identified with Postgres 13.4 for Windows  ("Joel Mariadasan (jomariad)" <jomariad@cisco.com>)
List pgsql-hackers
On Friday, October 29, 2021, Joel Mariadasan (jomariad) <jomariad@cisco.com> wrote:

Detected by Automated Scanning tool:

libxml   2.9.10

 

Can you confirm if this is the same version of libxml used in Postgres?

We want to confirm if the detection is a false positive or a vulnerability.



IIUC (though I’m more familiar with Linux) the core project has now control over which versions of external libraries get installed onto one's machine.  In particular the core project only supports compiled from source installation.

David J.
