Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <robe...@debian.org> writes: > I am investigating backporting the fixes for CVE-2022-1552 to 9.6 and > 9.4 as part of Debian LTS and Extended LTS. I am aware that these > releases are no longer supported upstream, but I have made an attempt at > adapting commits ef792f7856dea2576dcd9cab92b2b05fe955696b and > f26d5702857a9c027f84850af48b0eea0f3aa15c from the REL_10_STABLE branch. > I would appreciate a review of the attached patches and any comments on > things that may have been missed and/or adapted improperly.
FWIW, I would not recommend being in a huge hurry to back-port those changes, pending the outcome of this discussion: https://www.postgresql.org/message-id/flat/f8a4105f076544c180a87ef0c4822352%40stmuk.bayern.de We're going to have to tweak that code somehow, and it's not yet entirely clear how. regards, tom lane
