> if the above product is affected by the CVE

You will find the "Known PostgreSQL Security Vulnerabilities in Supported Versions" here: https://www.postgresql.org/support/security/
For the PostgreSQL JDBC Driver, please check https://jdbc.postgresql.org/security/ or the fixed CVE lists:
https://github.com/pgjdbc/pgjdbc/issues?q=CVE+sort%3Aupdated-desc
or https://github.com/pgjdbc/pgjdbc/security/advisories (Security Advisories)

Based on https://www.docker.com/blog/security-advisory-cve-2022-42889-text4shell/ you have to search for the "commons-text-1.9.jar" (commons-text-*.*) in the servers or in the clients.

The PostgreSQL ecosystem is huge (e.g. a driver, an extension, or an installer), so you have to check any Java-related software.

Anyway, it's a good time to install the latest patch version of everything. (Latest PostgreSQL JDBC Driver; or latest Postgres minor version; see: https://www.postgresql.org/support/versioning/)

The next minor release is expected on: *November 10th, 2022* (see https://www.postgresql.org/developer/roadmap/)

*"The PostgreSQL Project releases security fixes as part of minor version updates. You are always advised to use the latest minor version available, as it will contain other non-security related fixes."*

You will find professional services here: https://www.postgresql.org/support/professional_support/

Regards,
Imre
(Disclaimer: I am just a Postgres user and not a security expert!)

Cedric Aaron Towstyka <cedric-aaron.towst...@barmenia.de> wrote (on Tue, Nov 8, 2022, 12:10):

> Hello dear PostgreSQL Server Team,
>
> the German bureau for IT-Security "BSI" (Bundesamt für Sicherheit in der Informationstechnik) has issued a warning for CVE CVE-2022-42889 with the name commons-text. Insurance companies are obliged to analyse the installed software for vulnerabilities of this type.
> As the Barmenia is using your product PostgreSQL Server it is necessary to obtain all information regarding any vulnerability against above CVE.
>
> We kindly ask you to provide information if the above product is affected by the CVE and if yes, when a fix will be available.
>
> With the request for short-term feedback.
>
> Kind Regards.
>
> Cedric Aaron Towstyka
> Database administrator
>
> Barmenia Krankenversicherung a. G.
> Barmenia Allgemeine Versicherungs-AG
> Barmenia Lebensversicherung a. G.
> Barmenia-Allee 1
> 42119 Wuppertal
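
The search for commons-text-*.jar on servers and clients that the reply above recommends, as an added example that is not part of the original thread: it also looks inside .jar/.war/.ear bundles and at Maven's pom.properties for copies merged into fat jars. The 1.5 to 1.9 affected range and the 1.10.0 fix come from the Apache advisory for CVE-2022-42889; the function names and the nesting limit of 3 are assumptions of this sketch.

```python
import io, re, zipfile
from pathlib import Path

JAR_RE = re.compile(r"(?:^|/)commons-text-(\d+(?:\.\d+)*)[^/]*\.jar$")
# Maven records the artifact version here, even when classes are merged into a fat jar.
POM = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def affected(version):
    """CVE-2022-42889 affects commons-text 1.5 through 1.9; 1.10.0 is fixed."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:2])
    return (1, 5) <= nums < (1, 10)

def scan_archive(data, label, depth=0):
    """Yield (location, version) for every commons-text copy inside one archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable zip, nothing to report
    with zf:
        for name in zf.namelist():
            hit = JAR_RE.search(name)
            if hit:  # bundled jar, e.g. under WEB-INF/lib/
                yield f"{label}!/{name}", hit.group(1)
            elif name == POM:  # library classes merged into this archive
                props = zf.read(name).decode("utf-8", "replace")
                ver = re.search(r"^version=(\S+)", props, re.M)
                yield f"{label}!/{name}", ver.group(1) if ver else "unknown"
            elif name.lower().endswith(ARCHIVES) and depth < 3:
                yield from scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)

def scan_tree(root):
    """Return sorted (location, version, is_affected) for all archives under root."""
    found = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower().endswith(ARCHIVES):
            hit = JAR_RE.search(path.as_posix())
            if hit:
                found.append((path.as_posix(), hit.group(1)))
            else:
                found.extend(scan_archive(path.read_bytes(), path.as_posix()))
    return sorted((loc, ver, affected(ver)) for loc, ver in found)

if __name__ == "__main__":
    import sys
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if bad else 'ok':8} commons-text {ver}  {loc}")
```

A version reported as "unknown" is not flagged as affected and should be checked by hand.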