Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

Greg Sabino Mullane <htamfids@gmail.com>

From: Greg Sabino Mullane <htamfids@gmail.com>
To: Bruce Momjian <bruce@momjian.us>
Cc: Matthias Apitz <guru@unixarea.de>, Laurenz Albe <laurenz.albe@cybertec.at>, Subhash Udata <subhashudata@gmail.com>, "David G. Johnston" <david.g.johnston@gmail.com>, Adrian Klaver <adrian.klaver@aklaver.com>, 김주연 <mysylph@gmail.com>, "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2024-11-23T18:30:13Z
Lists: pgsql-general
On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <bruce@momjian.us> wrote:

> and say bounce the database server and install the binaries.  What I
> have never considered before, and I should have, is the complexity of
> doing this for many remote servers.  Can we improve our guidance for
> these cases?
>

Hmm I'm not sure what else we can say. Our upgrade process is already
drop-dead-simple, especially compared to many (most?) other products out
there. People painting themselves into corners is not something we can
really help with.

Cheers,
Greg