Bug#970745: buster-pu: package pdns_4.1.6-3+deb10u1

To: Chris Hofstaedtler <zeha@debian.org>, 970745@bugs.debian.org
Subject: Bug#970745: buster-pu: package pdns_4.1.6-3+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 10 Oct 2020 09:27:59 +0100
Message-id: <[🔎] 7c5fd3a6bd1ce44fe0723297d80cbe8ef606fd92.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 970745@bugs.debian.org
In-reply-to: <20200922202257.pkuowasu4nwcpbgv@zeha.at>
References: <20200922202257.pkuowasu4nwcpbgv@zeha.at> <20200922202257.pkuowasu4nwcpbgv@zeha.at>

Control: tags -1 + confirmed

On Tue, 2020-09-22 at 22:22 +0200, Chris Hofstaedtler wrote:
> Fixes for low-severity issues CVE-2019-10203 and CVE-2020-17482.
> Both using upstream patches for the 4.1 branch.

Please go ahead.

> Maybe it should be pointed out in the stable update notes that
> manual action is needed to remedy CVE-2019-10203 for existing
> installations using postgres. "Manual schema update required for
> PostgreSQL"?

We could, but I'm not sure how many people actually read the fine print
of the announcement mails, particularly in sections that they expect to
be boilerplate.

I was wondering if it was worth a d/NEWS entry, although that would
obviously be potentially annoying if it ends up being shown to users
who don't have the relevant binary package installd.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#970745: buster-pu: package pdns_4.1.6-3+deb10u1
  - From: Chris Hofstaedtler <zeha@debian.org>

Prev by Date: Processed: Re: Bug#970655: buster-pu: package sleuthkit/4.6.5-1+deb10u1
Next by Date: Processed: Re: Bug#970745: buster-pu: package pdns_4.1.6-3+deb10u1
Previous by thread: Processed: Re: Bug#970655: buster-pu: package sleuthkit/4.6.5-1+deb10u1
Next by thread: Processed: Re: Bug#970745: buster-pu: package pdns_4.1.6-3+deb10u1
Index(es):
- Date
- Thread