From: Greg Sabino Mullane
Date: Fri, 7 Mar 2025 08:24:57 -0500
Subject: Re: [EXTERNAL] Re: Asking for OK for a nasty trick to resolve PG CVE-2025-1094 i
To: "Abraham, Danny"
Cc: Laurenz Albe, "pgsql-general@lists.postgresql.org"
In-Reply-To: <14fc085b-1d48-4bc0-9d44-1d11507c0ded@bmc.com>

CVE-2025-1094 has a narrow blast radius. If you are not directly affected, I would focus your efforts on getting to 17. But the lack of an existing process to smoothly upgrade minor revisions is worrying and something that needs to get addressed as well.

Cheers,
Greg

--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support