Changes between Version 1 and Version 2 of Ticket #813, comment 3


Timestamp: Feb 1, 2024, 9:26:53 AM (6 months ago)
Author: ascottwwf

  • Ticket #813, comment 3

    v1 v2  
    11Yes this appears that it might be a false reporting issue <sigh>!
    22
    3 Searching this page (https://www.postgresql.org/support/security/15/) for pg_dump returns no results.
     3Searching this page (https://www.postgresql.org/support/security/15/) for pg_dump returns no results, however it is not conclusive that just because there is no mention of this specific file it is not still vulnerable.
    44
    5 FYI: mentions of pg_dump are found in much earlier versions of PostgreSQL (e.g. v10).
     5FYI: I do note however that there are mentions of pg_dump being vulnerable found in much earlier versions of PostgreSQL (e.g. v10).
    66
    7 It may take some time to get the false reporting issue removed.
     7If it is a case of false reporting, it may take some time to get the false report issue removed.
    88
    9 If it can be done? - It might still be prudent to get the OSGEO / QGIS distro updated to deliver the latest PostgreSQL version v15.5 as mentioned in my original posting, at least then it has not installed a version of pg_dump.exe that comes from a package which is considered vulnerable / has vulnerable components?
     9If it can be done? - It might still be prudent to get the OSGEO / QGIS distro updated to deliver the latest PostgreSQL version v15.5 as mentioned in my original posting, at least then it has not installed a version of pg_dump.exe that comes from a package which is considered vulnerable / has vulnerable components? - Which for now we do have to consider pg_dump.exe could be vulnerable.