[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: postgresql-9.1 and postgresql-8.4 in Wheezy

Hi Thorsten

I had a look into this and I'm not sure both statements are correct for Jessie.

For CVE-2017-7486 I think the information in Jessie is wrong. The
patched code is definitely there in wheezy at least. But maybe it is
not triggered for some reason.
For CVE-2017-7484 the code do not exist. The same applies to
postgresql-8.4 in wheezy.

Christoph. Please correct me if I have misunderstood something.

Best regards

// Ola

On 21 May 2017 at 23:04, Thorsten Alteholz <debian@alteholz.de> wrote:
> Hi Christoph,
> CVE-2017-7486 and CVE-2017-7484 are marked as "not-affected" for
> postgresql-9.1 in Jessie.
> Can you please confirm that the same package in Wheezy is not affected as
> well?
> Do you also have an idea whether CVE-2017-7484 affects postgresql-8.4 in
> Wheezy?
> Thanks!
>  Thorsten

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

Reply to: