Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Ron Johnson <[email protected]>
To: pgsql-generallists.postgresql.org <[email protected]>
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Date: Fri, 22 Nov 2024 04:18:02 -0500
Message-ID: <CANzqJaDVzQu2-44WRW-8wSw9bP9CSjAwe34+PKdt9Q86vYr3Rg@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAONZJQkaLtHeNz3P5wO8-EWPjOJ1M5fgyp8x4Mc4bb_U9n9_6g@mail.gmail.com>
	<[email protected]>
	<CAD=40Z3G8z6d1BMDmQVAAPWzCzK5kbU9wWTCZA58qmq8-L=eoA@mail.gmail.com>
	<CAKFQuwbW-5yyVPCjyTJ0uwZZvn9J94s1XzuFnoBbMXp3BC3XyQ@mail.gmail.com>
	<CAD=40Z2+84YNSM7oMb4QBpuAaadk=9XRw3PGEu5Ui_YsWpmtFA@mail.gmail.com>
	<[email protected]>
	<Z0A6Eg2FH2Nb5sWO@pureos>
	<[email protected]>

On Fri, Nov 22, 2024 at 4:01 AM Achilleas Mantzios - cloud <
[email protected]> wrote:

>
> On 11/22/24 10:00, Matthias Apitz wrote:
>
[snip]

>
> Why not decouple client libs from the server ? i.e. psql works great
> with many versions greater than its own. And certainly with same major
> versions. You could retain the same client libs and just upgrade the
> PgSQL server to the highest minor version of the major version that you
> support.
>

Small VARs that sell turnkey solutions would rather bundle everything
together.  One application version, one database version, one OS version,
one set of hardware, all bundled up and sold to a tech-illiterate customer
that doesn't employ a DBA or SysAdmin.  That way, when something
stops working, you aren't guessing if it's this patch, that patch, etc etc.

Not saying that Matthias works for such a VAR, but such companies
definitely exist.

-- 
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

view thread (25+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
  In-Reply-To: <CANzqJaDVzQu2-44WRW-8wSw9bP9CSjAwe34+PKdt9Q86vYr3Rg@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox