From: Subhash Udata
Date: Wed, 20 Nov 2024 14:24:36 +0530
Subject: Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage
To: pgsql-general@postgresql.org

Dear PostgreSQL Community,

I have a query related to the recent security vulnerability, *CVE-2024-10979*, concerning the PL/Perl extension.

From the advisory, it appears the vulnerability impacts systems utilizing the PL/Perl extension. My question is:

- If we do not use the PL/Perl extension in our PostgreSQL instance, is it still necessary to upgrade to the patched version of PostgreSQL? Or can we safely continue using our current version without concern?

We would like to understand whether this vulnerability has any implications for environments where the PL/Perl extension is not installed or used.

Thank you so much for your guidance on this.

Best regards,
Subhash Udata
