
Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1057: postgresql-10, postgresql-9.6, postgresql-9.4, postgresql-9.1



Christoph Berg <myon@debian.org> writes:

> jessie's postgresql-9.1 package is shipping a single binary package
> only, postgresql-plperl-9.1. (Check the jessie release notes for the
> rationale.) plperl is not affected by the changes as far as I can tell
> by inspecting src/pl/plperl's git log.

Ok, I understand now. So this doesn't apply to wheezy, only Jessie.

> Backpatching the changes will be hard; a colleague tried to apply the
> pg_dump changes and gave up because hundreds of chunks failed. (The
> rest might be easier though.)
>
> I don't plan to work on a 9.1 LTS release; the changes were deemed
> below the radar by the Debian Security team, and wheezy's EOL is just
> around the corner.

Yes, as the other versions were marked no-dsa, might be best just to
mark it as no-dsa for wheezy too.

Any objections if I do this?

Regards
-- 
Brian May <bam@debian.org>

