psycopg / psycopg2

PostgreSQL database adapter for the Python programming language
https://www.psycopg.org/

vulnerability with psycopg2 2.7.3.2 #1677

Closed sunilkumar207106 closed 8 months ago

sunilkumar207106 commented 8 months ago

Please complete the following information:

Describe the bug

I found that this particular package has the below vulnerabilities: CVE-2021-3711 CVE-2022-1292 CVE-2022-2068 CVE-2023-4807 CVE-2021-23840 CVE-2022-0778 CVE-2022-4450 CVE-2023-0215 CVE-2023-0464 CVE-2021-3712 CVE-2023-0286 CVE-2023-2650 CVE-2020-1971 CVE-2021-23841 CVE-2021-3449 CVE-2021-4160 CVE-2022-4304 CVE-2024-0727 CVE-2022-2097 CVE-2023-0465 CVE-2023-0466 CVE-2023-3817 CVE-2023-5678

To remove these I tried to update to the updated package, but I am not sure which version of this package does not have these issues. If someone could help point out whether we have any version of this package which does not contain the above vulnerabilities, please let me know. Thank you,

dvarrazzo commented 8 months ago

2.7.3.2 was released in 2017, more than 6 years ago.

sunilkumar207106 commented 8 months ago

Could you please also tell me which version of the psycopg package does not have these vulnerabilities?

dvarrazzo commented 8 months ago

No, I can't. I don't know in which version they were fixed in the libraries we bundled. You can use the git history of the project to figure it out or you can pay me for my time to look it up for you.

I suggest that you don't use psycopg2-binary. Use psycopg2 and the library will bind with the OpenSSL and other libraries on your system. From there on you can use your OS facilities to manage library upgrades and security updates.
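One way to verify which OpenSSL and libpq an installed psycopg2 actually loads, as an added example that is not part of this thread or of the psycopg2 project. It assumes Linux with `ldd` on PATH and that a wheel's bundled libraries live under site-packages (as the `psycopg2_binary.libs` directory does); the `ldd` output below is constructed for illustration.

```python
"""Report whether psycopg2's libssl/libcrypto/libpq come from the OS or from a wheel."""
import re
import subprocess
from pathlib import Path

# Libraries whose provenance decides who ships the OpenSSL fixes.
WATCHED = ("libssl", "libcrypto", "libpq")

# One resolved `ldd` line: "<soname> => <path> (0xaddr)". Lines such as
# "linux-vdso.so.1 (0x...)" or "libfoo.so => not found" do not match.
LDD_LINE = re.compile(r"^\s*(?P<soname>\S+)\s+=>\s+(?P<path>\S+)\s+\(0x[0-9a-f]+\)")

# Constructed sample: a mix of wheel-bundled and system libraries.
SAMPLE_LDD = (
    "\tlinux-vdso.so.1 (0x00007ffd5b3f1000)\n"
    "\tlibpq-e6f8b5a1.so.5.14 => /opt/venv/lib/python3.11/site-packages/psycopg2_binary.libs/libpq-e6f8b5a1.so.5.14 (0x00007f1a2c000000)\n"
    "\tlibssl-3a5e7c0d.so.1.1 => /opt/venv/lib/python3.11/site-packages/psycopg2_binary.libs/libssl-3a5e7c0d.so.1.1 (0x00007f1a2bf00000)\n"
    "\tlibcrypto.so.3 => /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1a2ba00000)\n"
    "\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2b800000)\n"
)


def classify_libs(ldd_output: str, site_packages: str) -> dict:
    """Map each watched library to 'bundled' (resolved to a file under
    site-packages, i.e. shipped inside a wheel) or 'system' (OS-managed)."""
    site = Path(site_packages).resolve()
    result = {}
    for line in ldd_output.splitlines():
        m = LDD_LINE.match(line)
        if not m:
            continue
        soname, path = m.group("soname"), Path(m.group("path"))
        if not soname.startswith(WATCHED):
            continue
        try:
            path.resolve().relative_to(site)
            origin = "bundled"
        except ValueError:
            origin = "system"
        result[soname] = {"path": str(path), "origin": origin}
    return result


def audit_psycopg2() -> dict:
    """Run ldd on the installed psycopg2 C extension and classify its deps."""
    from psycopg2 import _psycopg as ext  # ImportError if psycopg2 is absent
    ext_path = Path(ext.__file__)
    out = subprocess.run(["ldd", str(ext_path)], capture_output=True, text=True, check=True).stdout
    return classify_libs(out, str(ext_path.parents[1]))  # parents[1] is site-packages


if __name__ == "__main__":
    for name, info in audit_psycopg2().items():
        print(f"{name:30} {info['origin']:8} {info['path']}")
```

Any `bundled` entry means OS package updates will not patch that library; only upgrading the wheel (or switching to the source `psycopg2` package) will.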