Advice about a revised security fix for databases/postgresql
Date: Thu, 20 Feb 2025 15:06:37 UTC
Hi!
The fix for security issue CVE-2025-1094 for postgresql was revised today. The original fix is described to have this problem:
> The fix for CVE-2025-1094 caused the quoting functions to not honor their string length parameters and, in some cases, cause crashes. This problem could be noticeable from a PostgreSQL client library, based on how it is integrated with libpq.
Should I update the vuxml entry, and in that case how? Like this?
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index b1c5bd34c0b6..c6bfb6b76179 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -177,23 +177,23 @@
<affects>
<package>
<name>postgresql17-client</name>
- <range><lt>17.3</lt></range>
+ <range><lt>17.4</lt></range>
</package>
<package>
<name>postgresql16-client</name>
- <range><lt>16.7</lt></range>
+ <range><lt>16.8</lt></range>
</package>
<package>
<name>postgresql15-client</name>
- <range><lt>15.11</lt></range>
+ <range><lt>15.12</lt></range>
</package>
<package>
<name>postgresql14-client</name>
- <range><lt>14.16</lt></range>
+ <range><lt>14.17</lt></range>
</package>
<package>
<name>postgresql13-client</name>
- <range><lt>13.19</lt></range>
+ <range><lt>13.20</lt></range>
</package>
</affects>
<description>
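Review bot: Raising every `<lt>` bound in this hunk (17.3 to 17.4, and likewise for 16, 15, 14 and 13) makes the entry report the releases that already carry the original CVE-2025-1094 fix as affected by that CVE, while the problem quoted above is a regression in the fix (length parameters not honored, possible crashes). If the intent is to push users off those releases, the entry text should say that this is the reason, or the regression should be tracked separately. The patch as shown also has no hunk touching the entry's dates; a revised entry would normally record a modified date alongside a range change.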
@@ -216,6 +216,9 @@
Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and
13.19 are affected.
</p>
+ <p>
+ The fix was updated a week after the initial release.
+ </p>
</blockquote>
</body>
</description>
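Review bot: The unchanged context lines in this hunk still read "Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected", which contradicts the new `<lt>17.4</lt>` style ranges in the first hunk, so one of the two needs to change. The added `<p>` also sits inside the `<blockquote>`, where it reads as quoted upstream text although it is the committer's own sentence; place it outside the blockquote or quote the upstream wording instead. It should name the releases that contain the revised fix (17.4, 16.8, 15.12, 14.17, 13.20) and state what was wrong with the first fix, since "updated a week after the initial release" does not tell a reader whether they need to act.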
Best regards,
Palle