Re: [SECURITY] [DSA 2340-1] postgresql security update missing for squeeze
Why is there no security update for postgresql-9.0 on squeeze?

.. just wondered why my cron-apt didn't report any postgresql updates
today. My security.sources.list is

deb http://security.debian.org/ squeeze/updates main contrib non-free

on Debian squeeze with postgresql-9.0 installed:

i postgresql-9.0

cu,
jan

On 11/07/2011 07:49 PM, Thijs Kinkhorst wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2340-1                   security@debian.org
> http://www.debian.org/security/                           Thijs Kinkhorst
> November 7, 2011                       http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : postgresql-8.3, postgresql-8.4, postgresql-9.0
> Vulnerability : weak password hashing
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-2483
> Debian Bug : 631285
>
> magnum discovered that the blowfish password hashing used amongst
> others in PostgreSQL contained a weakness that would give passwords
> with 8 bit characters the same hash as weaker equivalents.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> postgresql-8.3 version 8.3.16-0lenny1.
>
> For the stable distribution (squeeze), this problem has been fixed in
> postgresql-8.4 version 8.4.9-0squeeze1.
>
> For the testing distribution (wheezy) and unstable distribution (sid),
> this problem has been fixed in postgresql-8.4 version 8.4.9-1,
> postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.
>
> The updates also include reliability improvements, originally scheduled
> for inclusion into the next point release; for details see the respective
> changelogs.
>
> We recommend that you upgrade your postgresql packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
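
Added example, not part of the original thread or of any Debian tooling: a small Python parser for the advisory's "fixed in" paragraphs that maps each (distribution, package) pair to its fixed version, so a pair the advisory does not name, such as postgresql-9.0 on squeeze, shows up explicitly. The function names and the embedded advisory excerpt are constructed for this illustration.

```python
import re

# Constructed input: the "fixed in" paragraphs of DSA-2340-1 as quoted above.
ADVISORY = """\
For the oldstable distribution (lenny), this problem has been fixed in
postgresql-8.3 version 8.3.16-0lenny1.

For the stable distribution (squeeze), this problem has been fixed in
postgresql-8.4 version 8.4.9-0squeeze1.

For the testing distribution (wheezy) and unstable distribution (sid),
this problem has been fixed in postgresql-8.4 version 8.4.9-1,
postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.
"""

# One paragraph, whitespace-flattened: "<distributions>, ... fixed in <packages>."
SENTENCE = re.compile(r"For the (.+?), this problem has been fixed in (.+)\.$")
# Codename in parentheses, e.g. "(squeeze)".
SUITE = re.compile(r"\((\w+)\)")
# "<package> version <ver>" or the shorter "<package> <ver>" form.
PKG_VER = re.compile(r"([a-z][a-z0-9.+-]*) (?:version )?(\d[\w.+:~-]*)")


def fixed_versions(text):
    """Return {(suite, package): fixed_version} for every pair the text names."""
    fixes = {}
    for para in re.split(r"\n\s*\n", text):
        flat = " ".join(para.split())  # undo the e-mail line wrapping
        m = SENTENCE.match(flat)
        if not m:
            continue
        suites = SUITE.findall(m.group(1))
        for package, version in PKG_VER.findall(m.group(2)):
            for suite in suites:
                fixes[(suite, package)] = version
    return fixes


def unlisted(text, suite, packages):
    """Installed packages for which the advisory names no fix in this suite."""
    fixes = fixed_versions(text)
    return [p for p in packages if (suite, p) not in fixes]


if __name__ == "__main__":
    for (suite, package), version in sorted(fixed_versions(ADVISORY).items()):
        print(f"{suite:8} {package:15} fixed in {version}")
    print("no fix listed for squeeze:",
          unlisted(ADVISORY, "squeeze", ["postgresql-8.4", "postgresql-9.0"]))
```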