Vulnerability identified with Postgres 13.4 for Windows - Mailing list pgsql-hackers

From Joel Mariadasan (jomariad)
Subject Vulnerability identified with Postgres 13.4 for Windows
Date
Msg-id DM6PR11MB3452AFC9925606D0DA0E3EDBD7879@DM6PR11MB3452.namprd11.prod.outlook.com
Responses Re: Vulnerability identified with Postgres 13.4 for Windows  ("David G. Johnston" <david.g.johnston@gmail.com>)
Re: Vulnerability identified with Postgres 13.4 for Windows  (Justin Pryzby <pryzby@telsasoft.com>)
List pgsql-hackers

Hi,

The scanning tool used by our organization has detected the presence of a vulnerable libxml version in the latest Postgres 13.4 release for Windows (Zip version).

Detected by Automated Scanning tool:

libxml   2.9.10

Can you confirm if this is the same version of libxml used in Postgres?

We want to confirm if the detection is a false positive or a vulnerability.

Regards,

Joel
