Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1057: postgresql-10, postgresql-9.6, postgresql-9.4, postgresql-9.1

To: myon@debian.org, debian-lts@lists.debian.org
Subject: Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1057: postgresql-10, postgresql-9.6, postgresql-9.4, postgresql-9.1
From: Brian May <bam@debian.org>
Date: Mon, 05 Mar 2018 08:30:07 +1100
Message-id: <[🔎] 87tvtva5r4.fsf@prune.linuxpenguins.xyz>
In-reply-to: <5a95778a8ead3_5ea2ac7899733f04189c4@godard.mail>
References: <5a95778a8ead3_5ea2ac7899733f04189c4@godard.mail>

Christoph Berg <myon@debian.org> writes:

> +	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)

Hello,

What did you mean by "jessie is PL/Perl only"?

I am not sure I see the connection between CVE-2018-1058 (was
incorrectly labeled as CVE-2018-1057) which is for issues concerning the
search_path (as far as I can tell) and PL/Perl.

Just trying to confirm if Wheezy is vulnerable or not. As Wheezy is
using postgresql-9.1, and postgresql-9.1 is not vulnerable in Jessie, I
am guessing wheezy is not vulnerable too.

Thanks.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1057: postgresql-10, postgresql-9.6, postgresql-9.4, postgresql-9.1
  - From: Christoph Berg <myon@debian.org>

Prev by Date: Re: Better communication about spectre/meltdown
Next by Date: Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: swap links2 bug back, new elinks bug
Previous by thread: Re: Duplicate DLA-1297-1
Next by thread: Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1057: postgresql-10, postgresql-9.6, postgresql-9.4, postgresql-9.1
Index(es):
- Date
- Thread