Changes between Initial Version and Version 1 of Ticket #813, comment 3
- Timestamp:
- 02/01/24 09:02:24 (10 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #813, comment 3
initial v1 1 Yes this appears that it might be a false reporting issue <sigh> 2 Searching this page (https://www.postgresql.org/support/security/10/) for pg_dump returns only 2 results but these are for much earlier versions of PostgreSQL. 1 Yes this appears that it might be a false reporting issue <sigh>! 2 3 Searching this page (https://www.postgresql.org/support/security/15/) for pg_dump returns no results. 4 5 FYI: mentions of pg_dump are found in much earlier versions of PostgreSQL (e.g. v10). 3 6 4 7 It may take some time to get the false reporting issue removed. 5 8 6 I t might still be prudent (if it can be done?) to get the OSGEO / QGIS distro updated to deliver the latest PostgreSQL version v15.5 as mentioned in my original posting, at least then it has not installed a version of pg_dump.exe that comes from a package which is considered vulnerable?9 If it can be done? - It might still be prudent to get the OSGEO / QGIS distro updated to deliver the latest PostgreSQL version v15.5 as mentioned in my original posting, at least then it has not installed a version of pg_dump.exe that comes from a package which is considered vulnerable / has vulnerable components?
