On Mon, Dec 30, 2024 at 04:50:12PM -0500, Roberto C. Sánchez wrote:
> On Sat, Dec 14, 2024 at 09:50:23PM -0500, Roberto C. Sánchez wrote:
> > Greetings pgsql devs,
> >
> > I would appreciate a review of my strategy for backporting the commits
> > related to CVE-2024-10978. (I am working with versions 11, 9.6, and 9.4,
> > for some older Debian releases.)
> >
> > My conclusion is that of the two commits associated with CVE-2024-10978,
> > both are required in 11 and 9.6, but only one is required in 9.4.
> >
> I wonder if someone might be able to look at my original message and
> help validate my analysis.
I saw your question and was kind of stumped about how to answer. We
rarely look at back branches for backpatch analysis, so I think we are
kind of confused on how to answer. Under what circumstances are you
supporting versions of Postgres that we don't support? Is this part of
Debian policy? Is our five-year insufficient?
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Do not let urgent matters crowd out time for investment in the future.