Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

David G. Johnston <david.g.johnston@gmail.com>

From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Matthias Apitz <guru@unixarea.de>
Cc: Laurenz Albe <laurenz.albe@cybertec.at>, Subhash Udata <subhashudata@gmail.com>, Adrian Klaver <adrian.klaver@aklaver.com>, 김주연 <mysylph@gmail.com>, "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2024-11-22T13:43:58Z
Lists: pgsql-general
On Friday, November 22, 2024, Matthias Apitz <guru@unixarea.de> wrote:

>
> Especially the version V7.2 (released in 2021) can't be updated on the
> client side, the cluster will be migrated to 16.5. I assume that
> CVE-2024-10979 affects the server side, and not the client side.
>

Yes, it is the server that executes procedural language code like plperl.

David J.