From: Subhash Udata
Date: Fri, 22 Nov 2024 09:27:44 +0530
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
To: Adrian Klaver
Cc: 김주연, pgsql-general@lists.postgresql.org
In-Reply-To: <7b5846ac-c16e-48d3-b548-99a772a528c5@aklaver.com>

Hi Adrian,

Thank you for your response regarding the affected versions of PostgreSQL.
I have a follow-up question for clarification:

The PostgreSQL documentation mentions that the versions with a fix for CVE-2024-10979 are *17.1, 16.5, 15.9, 14.14, 13.17, and 12.21*. However, your reply states that any version greater than 13+ should suffice.

Could you please confirm if upgrading to one of the specific versions listed above is mandatory, or is it acceptable to upgrade to any version higher than 13?

Your guidance will help us determine the appropriate upgrade path for our environment.

Thank you for your time and assistance.

On Thu, 21 Nov 2024 at 12:24, Adrian Klaver wrote:
> On 11/20/24 22:44, 김주연 wrote:
> > Hello, I am currently using PostgreSQL 11.10 and would like to know if
> > the CVE-2024-10979 vulnerability affects this version.
>
> Postgres 11 is past EOL, see:
>
> https://www.postgresql.org/support/versioning/
>
> > If it does impact my version, I would like to know which version I
> > should upgrade to.
>
> Any version from 13+.
>
> --
> Adrian Klaver
> adrian.klaver@aklaver.com
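An added version check, not code from this thread or from the PostgreSQL project, that resolves the question above the way an operator would in practice: it compares a server's major.minor against the fixed minor releases named in the message (17.1, 16.5, 15.9, 14.14, 13.17, 12.21) rather than against a bare "13+" major, since a 13+ major line below its fixed minor (16.4, for instance) still lacks the patch. The FIXED_MINOR table is taken from the message; the integer form accepted by parse_version is PostgreSQL's own `server_version_num` encoding (major * 10000 + minor); the sample inputs are constructed.

```python
"""Classify PostgreSQL server versions against the CVE-2024-10979 fix list.

Fixed minor releases come from the thread: 17.1, 16.5, 15.9, 14.14,
13.17 and 12.21.  Major lines absent from the table (11 and earlier)
have no fixed release and are reported as unsupported.
"""
import re

# Earliest minor release per major line that includes the fix (from the thread).
FIXED_MINOR = {17: 1, 16: 5, 15: 9, 14: 14, 13: 17, 12: 21}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)")


def parse_version(value):
    """Return (major, minor) from either a version string, e.g. the output of
    SELECT version() or SHOW server_version ("16.4", "PostgreSQL 16.4 on ..."),
    or the integer form of SHOW server_version_num (160004)."""
    if isinstance(value, int):
        # server_version_num encodes major * 10000 + minor
        return divmod(value, 10000)
    match = _VERSION_RE.search(value)
    if not match:
        raise ValueError(f"no major.minor version found in {value!r}")
    return int(match.group(1)), int(match.group(2))


def fix_status(value):
    """One of: 'fixed', 'needs-update', 'unsupported-major'."""
    major, minor = parse_version(value)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        # No fixed release exists for this major line (e.g. 11 is past EOL);
        # the remedy is a major-version upgrade, not a minor update.
        return "unsupported-major"
    return "fixed" if minor >= fixed else "needs-update"


def audit(versions):
    """Map each input version to its fix status (inputs are constructed samples)."""
    return {v: fix_status(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inputs covering each outcome.
    sample = [
        "PostgreSQL 11.10 on x86_64-pc-linux-gnu",  # EOL major: no fix available
        "16.4",                                      # 13+ major but below fixed minor
        160005,                                      # server_version_num form of 16.5
        "13.17",
        "PostgreSQL 12.21",
    ]
    for version, status in audit(sample).items():
        print(f"{version!r}: {status}")
```

Run it as-is for the constructed samples, or feed it the value of `SHOW server_version_num` from each instance in an inventory; "needs-update" means a minor update within the same major line suffices, while "unsupported-major" means a major-version upgrade is required.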