Re: squeeze update of postgresql-8.4?

To: Christoph Berg <myon@debian.org>, debian-lts@lists.debian.org
Subject: Re: squeeze update of postgresql-8.4?
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Fri, 9 Oct 2015 10:50:55 +0200
Message-id: <[🔎] 20151009085054.GA11088@nomada>
In-reply-to: <[🔎] 20151008205929.GA922@msg.df7cb.de>
References: <[🔎] 20151008161110.GA2567@nomada> <[🔎] 20151008205929.GA922@msg.df7cb.de>

El 08/10/15 a las 22:59, Christoph Berg escribió:
> Re: Santiago Ruano Rincón 2015-10-08 <[🔎] 20151008161110.GA2567@nomada>
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of postgresql-8.4:
> > https://security-tracker.debian.org/tracker/CVE-2015-5288
> > https://security-tracker.debian.org/tracker/CVE-2015-5289
> 
> 8.4 is only affected by -5288, but I think it's a minor issue for
> which I don't plan a DSA even for wheezy, but only through
> oldstable-pu.
> 
> What will happen though is that we (credativ) will be releasing a new
> LTS version of the 8.4 branch which will get included in squeeze-lts,
> so this issue will still get fixed in squeeze-lts.
> 

Thanks, Christoph!

> > Would you like to take care of this yourself? We are still understaffed so
> > any help is always highly appreciated.
> > 
> > If yes, please follow the workflow we have defined here:
> > http://wiki.debian.org/LTS/Development
> > 
> > If that workflow is a burden to you, feel free to just prepare an
> > updated source package and send it to debian-lts@lists.debian.org
> > (via a debdiff, or with an URL pointing to the the source package,
> > or even with a pointer to your packaging repository), and the members
> > of the LTS team will take care of the rest. Indicate clearly whether you
> > have tested the updated package or not.
> > 
> > If you don't want to take care of this update, it's not a problem, we
> > will do our best with your package. Just let us know whether you would
> > like to review and/or test the updated package before it gets released.
> 
> Thanks for the boilerplate - you might have noticed that we indeed
> took care of this package in the past :)
> 
> > PS: A member of the LTS team might start working on this update at
> > any point in time. You can verify whether someone is registered
> > on this update in this file:
> > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
> 
> I've updated CVE/list, not sure if you want to have the above noted in
> dla-needed.txt as well.

Since CVE-2015-5288 is no-dsa, I'm removing the dla-needed entry. I've
also included a note on packages/postgresql-8.4 to explain the above.

Regards,

Santiago

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- squeeze update of postgresql-8.4?
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>
- Re: squeeze update of postgresql-8.4?
  - From: Christoph Berg <myon@debian.org>

Prev by Date: Re: squeeze update of postgresql-8.4?
Next by Date: Re: Offering mysql-5.5 as an option in squeeze-lts
Previous by thread: Re: squeeze update of postgresql-8.4?
Next by thread: squeeze update of lxc?
Index(es):
- Date
- Thread