Thread: [BUG] Security bugs affected version detected.

[BUG] Security bugs affected version detected.

From

James Watt

Date:

29 August, 18:54:44

Our tool have detected that postgre in the version of REL9_6_18~ REL9_6_24 may also affected by the vulnerability CVE-2022-2625. The vulnerability database does not include these versions and you may not fix it in the REL9_6 branch. Is there a need to backport the patch of CVE-2022-2625?

Re: [BUG] Security bugs affected version detected.

From

Daniel Gustafsson

Date:

29 August, 19:00:37

> On 29 Aug 2024, at 14:54, James Watt <crispy.james.watt@gmail.com> wrote:
>
> Our tool have detected that postgre  in the version of REL9_6_18~ REL9_6_24 may also affected by the vulnerability
CVE-2022-2625.The vulnerability database does not include these versions and you may not fix it in the REL9_6 branch.
Isthere a need to backport the patch of CVE-2022-2625? 

9.6 was EOL at the time of 2022-2625 being announced and thus wasn't considered
for a backport of the fix, the project only applies fixes to supported
versions.  Anyone still running 9.6 in production is highly recommended to
upgrade to a supported version.

--
Daniel Gustafsson