Re: PostgreSQL security update
* Martin Pitt:
> PostgreSQL just announced new microreleases which fix one security
> issue and several bugs. Details at
>
> http://www.postgresql.org/about/news.1289
>
> I already uploaded 8.4.7 and 9.0.3 to unstable with the fixes.
>
> I prepared a lenny update in [1] which is ready for upload. I built
> the binaries in a clean lenny chroot, and confirm that they pass both
> the upstream and my postgresql-common test suite. [2] is the complete
> debdiff, [3] the debdiff minus po diff and documentation noise (much
> easier to read).
>
> How do you want me to handle the update for squeeze? 8.3.13 didn't get
> uploaded to squeeze because it was deemed too late [4], but 8.3.13 was
> only a normal bug fix update. As this update will go to -security, is
> that reasonably independent from squeeze itself to upload it now, or
> do you want me to hold it for now?
Thanks for preparing updated packages.
You've confused the versions, I'm afraid.
For lenny, we need an 8.3 update. For squeeze, 8.4. If 8.4.7 can
propagate to squeeze from unstable, that would be the easiest option.
Otherwise, we need to do a testing-security or stable-security upload
for postgresql-8.4 with a version number lower than 8.4.7, but higher
than 8.4.5-0squeeze2.
As usual for PostgreSQL, we can release the 8.3.13 upstream version as
a security update for lenny, thanks to the excellent track record.
Reply to: