Re: Information to CVE-2022-42889
| От | Erik Wienhold |
|---|---|
| Тема | Re: Information to CVE-2022-42889 |
| Дата | |
| Msg-id | 985333330.298748.1667906853727@office.mailbox.org обсуждение исходный текст |
| Ответ на | Information to CVE-2022-42889 (Cedric Aaron Towstyka <Cedric-Aaron.Towstyka@barmenia.de>) |
| Список | pgsql-general |
> On 08/11/2022 11:50 CET Cedric Aaron Towstyka <cedric-aaron.towstyka@barmenia.de> wrote: > > the german bureau for IT-Security "BSI" (Bundesamt für Sicherheit in der > Informationstechnik) has issued a warning for CVE CVE-2022-42889with the name > commons-text. Insurance companies are obliged to analyse the installed > software for vulnerabilities of this type. As the Barmenia is using your > product PostgreSQL Server it is necessary to obtain all information regarding > any vulnerability against above CVE. We kindly ask you to provide information > if the above product is affected by the CVE and if yes, when a fix will be > available. Postgres does not use Java and should not be affected. Maybe if you use PL/Java[1]. This CVE reminds me of Log4j from last year[2]. [1] https://tada.github.io/pljava/ [2] https://www.postgresql.org/message-id/flat/30390f0b07fd4d90b1aacb683ebfae45%40pictet.com -- Erik
В списке pgsql-general по дате отправления: