Re: [Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] CVE-2018-1057: postgresql-10, postgresql-9.6, postgresql-9.4, postgresql-9.1
Christoph Berg <myon@debian.org> writes:
> jessie's postgresql-9.1 package is shipping a single binary package
> only, postgresql-plperl-9.1. (Check the jessie release notes for the
> rationale.) plperl is not affected by the changes as far as I can tell
> by inspecting src/pl/plperl's git log.
Ok, I understand now. So this doesn't apply to wheezy, only Jessie.
> Backpatching the changes will be hard; a colleague tried to apply the
> pg_dump changes and gave up because hundreds of chunks failed. (The
> rest might be easier though.)
>
> I don't plan to work on a 9.1 LTS release; the changes were deemed
> below the radar by the Debian Security team, and wheezy's EOL is just
> around the corner.
Yes, as the other versions were marked no-dsa, might be best just to
mark it as no-dsa for wheezy too.
Any objections if I do this?
Regards
--
Brian May <bam@debian.org>