[Osgeo4w-trac] [osgeo4w] #813: Vulnerable PostgreSQL 15.2.0 executable exists after install latest of QGIS LTR 3.28.15 using the OSGEO4W installer
OSGeo4W
trac_osgeo4w at osgeo.org
Thu Feb 1 08:58:05 PST 2024
#813: Vulnerable PostgreSQL 15.2.0 executable exists after install latest of QGIS
LTR 3.28.15 using the OSGEO4W installer
------------------------------------------------+--------------------------
Reporter: ascottwwf | Owner: osgeo4w-
| dev@…
Type: defect | Status: new
Priority: major | Component: Package
Version: | Resolution:
Keywords: PostgreSQL, OSGEO, QGIS LTR 3.28.15 |
------------------------------------------------+--------------------------
Comment (by ascottwwf):
Yes this appears that it might be a false reporting issue <sigh>
Searching this page (https://www.postgresql.org/support/security/10/) for
pg_dump returns only 2 results but these are for much earlier versions of
PostgreSQL.
It may take some time to get the false reporting issue removed.
It might still be prudent (if it can be done?) to get the OSGEO / QGIS
distro updated to deliver the latest PostgreSQL version v15.5 as mentioned
in my original posting, at least then it has not installed a version of
pg_dump.exe that comes from a package which is considered vulnerable?
--
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/813#comment:3>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.
More information about the Osgeo4w-trac
mailing list