Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tELfh-006r5E-3t for pgsql-general@arkaria.postgresql.org; Fri, 22 Nov 2024 04:53:33 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tELff-005Alz-Rj for pgsql-general@arkaria.postgresql.org; Fri, 22 Nov 2024 04:53:31 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tELff-005Alr-HF for pgsql-general@lists.postgresql.org; Fri, 22 Nov 2024 04:53:31 +0000 Received: from mail-oa1-x36.google.com ([2001:4860:4864:20::36]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tELfd-003Dbj-4j for pgsql-general@lists.postgresql.org; Fri, 22 Nov 2024 04:53:30 +0000 Received: by mail-oa1-x36.google.com with SMTP id 586e51a60fabf-2958ddf99a7so1592384fac.2 for ; Thu, 21 Nov 2024 20:53:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1732251207; x=1732856007; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ZplSmZO3lCIOB7tUhlUVFKOBg1/T01gW3V3kL5HYjjQ=; b=l/RTCvALPx8OYTi2z2wgstGyAg+5Uira4tDYo8kdNHEddmmZepu4VuYHO70TNRWq19 NoToGqC1Ax8ECP7ShJIUc9lA3iow2QRujFVy4SHjA3vec//h0e5xvh8m8uFB6eWwY6nH XcJ1RdLdNbm/ahXbk4rv3sFac2rnGVzbdGziSy0TmO251rYxUftQVkov3H7RmaZEjbfk VerNG+Z3F213FGz1EgD45+29bAEHFNEgms/9I4R5nJ/PKz7OW8wqZ7LUbY0dNYipOQCl CNwqMsp6AVRlPljPep7FmZk+YpJLdomqUyN4Xvo8Qp8BeUiJxFJrhZAkmsgY7EF5oDG/ 5IxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732251207; x=1732856007; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZplSmZO3lCIOB7tUhlUVFKOBg1/T01gW3V3kL5HYjjQ=; b=DBe5n7TUe9gBlRH1VddiQK6K+QEPajMPEo8tLtWtg9RuhbgYwZnoNGcfCZXpfVensg aJ4loTZPe+n3w9YAcrbYVifd+LktuU7069LM3rEQACYwRhi/EcWXtduWIyHA6skP8Vu9 8wRdB1/hZPIoDw7m3oDWBHQxM68a7/sNNgXJw/A83sZWFgXXBUCEpeeshrhQu9zk+ALd dzx3U9/srtRi/UPZAR0bj0H/iqgF/s2DE7q4KzGUMs6MwK2uGJ9z6SLagfFi4XMqWv8G P/LWoJcK2iuhIfxU0at+Gvu4dVD8HLYAgfc4OuK3hilE/u0KNkhaHxjloZgHsCP/e+Qs EISg== X-Forwarded-Encrypted: i=1; AJvYcCU5midsgRM2+OZCJoymDmwkq/48yxpuhU6Dhxxyd4lElIbK4MpFN6iaY1v7UPOANDCJaDn7HCTHMGtAYLGz@lists.postgresql.org X-Gm-Message-State: AOJu0YwVN4YQnpZD7EOdnJaM3zowNbszHxJvtv+kHgFbUsYbxTxMyys7 zO7+2OCAMBrSHS9flVf1jClTpKNPjVSipa2T8HePh/BpG05vpRTJ4cbSwcV0hEX8sn5+owsGpL3 7JeDAyzli4KiXqVqBT0KpLONBFYU= X-Gm-Gg: ASbGnctaeb7BwfAoB3hZydzKqi/NSNoF1Pi+6/mQzRSRMnJH8NExHkEOjepiz/iyZHk pKbmnWaXbpjg8L1p3w3FreC+IBItrjzY= X-Google-Smtp-Source: AGHT+IEJvSBY5iyg9MGZmmnqBR1nRm+7YEF4C2SsALZD7wmoAul2d203x2QIhMuQgQQTfS4IR1B3ld9tQWlXu87QEL4= X-Received: by 2002:a05:6871:3a0d:b0:296:56d5:26c with SMTP id 586e51a60fabf-29720c41d0dmr1517026fac.24.1732251207632; Thu, 21 Nov 2024 20:53:27 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a8a:5fc:0:b0:56c:c9af:3ee6 with HTTP; Thu, 21 Nov 2024 20:53:27 -0800 (PST) In-Reply-To: References: <7b5846ac-c16e-48d3-b548-99a772a528c5@aklaver.com> From: "David G. Johnston" Date: Thu, 21 Nov 2024 21:53:27 -0700 Message-ID: Subject: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10 To: Adrian Klaver Cc: Subhash Udata , =?UTF-8?B?6rmA7KO87Jew?= , "pgsql-general@lists.postgresql.org" Content-Type: multipart/alternative; boundary="000000000000e4ac110627792904" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000e4ac110627792904 Content-Type: text/plain; charset="UTF-8" On Thursday, November 21, 2024, Adrian Klaver wrote: > On 11/21/24 20:31, Subhash Udata wrote: > >> Thank you for your detailed response. I would like to clarify my >> situation further to ensure I take the appropriate steps. >> >> Currently, my environment is running *PostgreSQL 15.0*. I understand that >> version *15.9* contains the fix for CVE-2024-10979, as mentioned in the >> release notes. >> > > Whoa, I thought the topic of discussion from your first post and the email > subject was: > > "I am currently using PostgreSQL 11.10 and would like to know if the > CVE-2024-10979 vulnerability affects this version." > No, I just think Subhash hijacked this thread. At least the email address of the OP is a different one. David J. --000000000000e4ac110627792904 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thursday, November 21, 2024, Adrian Klaver <adrian.klaver@aklaver.com> wro= te:
On 11/21/24 20:31, Subhash Udata wrot= e:
Thank you for your detailed response. I would like to clarify my situation = further to ensure I take the appropriate steps.

Currently, my environment is running *PostgreSQL 15.0*. I understand that v= ersion *15.9* contains the fix for CVE-2024-10979, as mentioned in the rele= ase notes.

Whoa, I thought the topic of discussion from your first post and the email = subject was:

"I am currently using PostgreSQL 11.10 and would like to know if the CVE-2024-10979 vulnerability affects this version."

No, I just think Subhash hijacked this thr= ead.=C2=A0 At least the email address of the OP is a different one.

David J.

=C2=A0
--000000000000e4ac110627792904--