Re: CVE-2024-28849

Поиск
Список
Период
Сортировка
От Jonathan S. Katz
Тема Re: CVE-2024-28849
Дата
Msg-id b58f9bae-80d4-442c-a4ca-557733ba47c7@postgresql.org
обсуждение исходный текст
Ответ на CVE-2024-28849  ("Mathews, Rob" <rpmathe@sandia.gov>)
Ответы Re: CVE-2024-28849  (Jerry Sievert <jerry@legitimatesounding.com>)
Список pgsql-bugs
Дерево обсуждения 
On 4/18/24 11:27 AM, Mathews, Rob wrote:
> All,
> 
>     CVE-2024-28849 was found in Version 15.6 and 16.2 this week. Please 
> refer to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849 
> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849> for 
> issues and corrections.
> 
> The Binaries .zip files were the files scanned and found with the 
> vulnerability. There are no known workarounds for this vulnerability.

PostgreSQL doesn't have any dependencies on node.js, let alone 
JavaScript. This CVE doesn't apply to PostgreSQL.

If you are using a package to install PostgreSQL (as it sounds like you 
are), you'll need to reach out to the package maintainers.

Jonathan
Вложения

В списке pgsql-bugs по дате отправления:

Предыдущее
От: "Mathews, Rob"
Дата:
Сообщение: CVE-2024-28849
Следующее
От: Jerry Sievert
Дата:
Сообщение: Re: CVE-2024-28849