[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: postgresql-9.1 and postgresql-8.4 in Wheezy

Re: Ola Lundqvist 2017-05-21 <[🔎] CABY6=0kd_h+hJigKpONfM0+tdcT6FuuRLz4vtOpBJugFp8Mp+w@mail.gmail.com>
> Hi Thorsten
> I had a look into this and I'm not sure both statements are correct for Jessie.
> For CVE-2017-7486 I think the information in Jessie is wrong. The
> patched code is definitely there in wheezy at least. But maybe it is
> not triggered for some reason.

postgresql-9.1 in jessie is a reduced package that only builds
postgresql-plperl-9.1, so anything non-perl isn't relevant for 9.1 in

postgresql-9.1 in wheezy is affected from my understanding of when
pg_user_mappings was introduced.

> For CVE-2017-7484 the code do not exist. The same applies to
> postgresql-8.4 in wheezy.

Same argument, 8.4 in wheezy is postgresql-plperl-8.4 only.


Reply to: