Michael Paquier schrieb am 05.03.2021 um 08:38: > On Fri, Mar 05, 2021 at 12:32:43AM -0700, bchen90 wrote: >> NVD linkļ¼ >> >> https://nvd.nist.gov/vuln/detail/CVE-2021-20229#vulnCurrentDescriptionTitle > > This link includes incorrect information. CVE-2021-20229 is only a > problem in 13.0 and 13.1, fixed in 13.2. Please see for example here: > https://www.postgresql.org/support/security/ > > The commit that fixed the issue is c028faf, mentioning 9ce77d7 as the > origin point, a commit introduced in Postgres 13.
I think the information is correct as it says "Up to (excluding) 13.2" I understand the "(excluding)" part, such that the "excluded" version is _not_ affected by it. But it's really a confusing way to present that kind of information.