Re: postgresql-9.1 and postgresql-8.4 in Wheezy
Re: Ola Lundqvist 2017-05-21 <[🔎] CABY6=0kd_h+hJigKpONfM0+tdcT6FuuRLz4vtOpBJugFp8Mpfirstname.lastname@example.org>
> Hi Thorsten
> I had a look into this and I'm not sure both statements are correct for Jessie.
> For CVE-2017-7486 I think the information in Jessie is wrong. The
> patched code is definitely there in wheezy at least. But maybe it is
> not triggered for some reason.
postgresql-9.1 in jessie is a reduced package that only builds
postgresql-plperl-9.1, so anything non-perl isn't relevant for 9.1 in
postgresql-9.1 in wheezy is affected from my understanding of when
pg_user_mappings was introduced.
> For CVE-2017-7484 the code do not exist. The same applies to
> postgresql-8.4 in wheezy.
Same argument, 8.4 in wheezy is postgresql-plperl-8.4 only.