Hi Thorsten I had a look into this and I'm not sure both statements are correct for Jessie.
For CVE-2017-7486 I think the information in Jessie is wrong. The patched code is definitely there in wheezy at least. But maybe it is not triggered for some reason. For CVE-2017-7484 the code do not exist. The same applies to postgresql-8.4 in wheezy. Christoph. Please correct me if I have misunderstood something. Best regards // Ola On 21 May 2017 at 23:04, Thorsten Alteholz <deb...@alteholz.de> wrote: > Hi Christoph, > > CVE-2017-7486 and CVE-2017-7484 are marked as "not-affected" for > postgresql-9.1 in Jessie. > Can you please confirm that the same package in Wheezy is not affected as > well? > > Do you also have an idea whether CVE-2017-7484 affects postgresql-8.4 in > Wheezy? > > Thanks! > Thorsten > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
