[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New Postgresql problems



Hi Joey!

Martin Schulze [2005-05-04 12:29 +0200]:
> Martin Pitt wrote:
> > Hi Martin!
> > 
> > Martin Schulze [2005-05-04  7:53 +0200]:
> > > Hi,
> > > 
> > > have you checked whether Debian's posgresql packages need an update
> > > to fix <http://www.postgresql.org/about/news.315>
> > 
> > Yes, an update is required. I'm already at preparing updated packages,
> > but it is a fairly complex update since I have to add code to the
> > postinst which fixes the vulnerability in already existing database.
> > 
> > > Since testing is frozen now, the update for sarge should go via
> > > security.  Since testing and sid share the same version, the
> > > package would then migrate into sid as well.
> > 
> > Hmm, as far as I understood, I could as well upload into sid and ask
> > debian-release to push the package into sarge? Or would you prefer
> > doing a security update, even if Sarge is not yet released?
> 
> Let's decide this when the packages are ready.  Officially security
> support has started, hence via security.  However, if the packages
> will be available soon and the chances that they're built against
> wrong libraries are low, they can go via sid as well.

I just uploaded 7.4.7-6 into Sid with urgency=high. I tested the debs
on my server which runs Sarge, they install fine and both the upgrade
and a fresh installation do not have the vulnerabilities any more. The
only difference between Sarge and Sid is now the security fix. For
your interest, here is the changeset:

 http://arch.piware.de/cgi-bin/archzoom.cgi/pkg-postgresql-private@lists.alioth.debian.org--2005/postgresql--devel--1--patch-41?log

Joey, Debian Release Team: Please let me know whether you can push the
Sid version into Sarge, or you prefer a separate testing-security
upload (which would differ only by the changelog version, though).

Joey, I will prepare a woody upgrade later.

Thanks,

Martin

-- 
Martin Pitt               http://www.piware.de
Ubuntu Developer    http://www.ubuntulinux.org
Debian Developer         http://www.debian.org

Attachment: signature.asc
Description: Digital signature


Reply to: