Home > mailing lists

Re: CVE-2024-28849 - Mailing list pgsql-bugs

From	Jonathan S. Katz
Subject	Re: CVE-2024-28849
Date	April 18, 2024 17:25:38
Msg-id	b58f9bae-80d4-442c-a4ca-557733ba47c7@postgresql.org Whole thread Raw
In response to	CVE-2024-28849 ("Mathews, Rob" <rpmathe@sandia.gov>)
Responses	Re: CVE-2024-28849
List	pgsql-bugs

Tree view

On 4/18/24 11:27 AM, Mathews, Rob wrote:
> All,
> 
>     CVE-2024-28849 was found in Version 15.6 and 16.2 this week. Please 
> refer to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849 
> <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28849> for 
> issues and corrections.
> 
> The Binaries .zip files were the files scanned and found with the 
> vulnerability. There are no known workarounds for this vulnerability.

PostgreSQL doesn't have any dependencies on node.js, let alone 
JavaScript. This CVE doesn't apply to PostgreSQL.

If you are using a package to install PostgreSQL (as it sounds like you 
are), you'll need to reach out to the package maintainers.

Jonathan

Attachment

OpenPGP_signature.asc

pgsql-bugs by date:

From: "Mathews, Rob"
Date: 18 April 2024, 15:27:53
Subject: CVE-2024-28849

From: Jerry Sievert
Date: 18 April 2024, 17:37:27
Subject: Re: CVE-2024-28849

Re: CVE-2024-28849 - Mailing list pgsql-bugs

Attachment

Previous

Next