Re: BUG #18193: CVE-2019-9193

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: sumanth.vankineni@gmail.com
Cc: pgsql-bugs@lists.postgresql.org
Date: 2023-11-13T15:20:30Z
Lists: pgsql-bugs
PG Bug reporting form <noreply@postgresql.org> writes:
> Just wanted to give an update, I'm not sure if it's mentioned anywhere on
> the website. The PostgreSQl version 13.7 is also vuln to the
> CVE-2019-9193.
> The CVE states only In PostgreSQL 9.3 through 11.2.

Please see

https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/

That CVE is erroneous in full, and so the fact that it also misstates
relevant versions is hardly surprising.

			regards, tom lane