On Wed, Jun 08, 2022 at 04:15:47PM -0400, Tom Lane wrote:
> Roberto C. Sánchez <robe...@debian.org> writes:
> > I am investigating backporting the fixes for CVE-2022-1552 to 9.6 and
> > 9.4 as part of Debian LTS and Extended LTS. I am aware that these
> > releases are no longer supported upstream, but I have made an attempt at
> > adapting commits ef792f7856dea2576dcd9cab92b2b05fe955696b and
> > f26d5702857a9c027f84850af48b0eea0f3aa15c from the REL_10_STABLE branch.
> > I would appreciate a review of the attached patches and any comments on
> > things that may have been missed and/or adapted improperly.
>
> FWIW, I would not recommend being in a huge hurry to back-port those
> changes, pending the outcome of this discussion:
>
> https://www.postgresql.org/message-id/flat/f8a4105f076544c180a87ef0c4822352%40stmuk.bayern.de
>
Thanks for the pointer.

> We're going to have to tweak that code somehow, and it's not yet
> entirely clear how.
>
I will monitor the discussion to see what comes of it.

Regards,

-Roberto

--
Roberto C. Sánchez