public inbox for [email protected]
help / color / mirror / Atom feedFrom: Subhash Udata <[email protected]>
To: [email protected]
Subject: Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage
Date: Wed, 20 Nov 2024 14:24:36 +0530
Message-ID: <CAD=40Z1KMXsExhee44Kkce7Lr2xTJ2q34-Af8zwU5BvR47zh6w@mail.gmail.com> (raw)
Dear PostgreSQL Community,
I have a query related to the recent security vulnerability,
*CVE-2024-10979*, concerning the PL/Perl extension.
From the advisory, it appears the vulnerability impacts systems utilizing
the PL/Perl extension. My question is:
- If we do not use the PL/Perl extension in our PostgreSQL instance, is
it still necessary to upgrade to the patched version of PostgreSQL? Or can
we safely continue using our current version without concern?
We would like to understand whether this vulnerability has any implications
for environments where the PL/Perl extension is not installed or used.
Thank you so much for your guidance on this.
Best regards,
Subhash Udata
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage
In-Reply-To: <CAD=40Z1KMXsExhee44Kkce7Lr2xTJ2q34-Af8zwU5BvR47zh6w@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox