Re: [SECURITY] [DSA 2340-1] postgresql security update missing for squeeze

[Dagan <mail.list@pro.geek.nz>]

On Tue, 2011-11-08 at 00:16 +0000, Jan Kechel wrote:
> Why is there no security update for postgresql-9.0 on squeeze?
> 
> .. just wondered why my cron-apt didn't report any postgresql updates
> today. My security.sources.list is

 Are you thinking of backports? 

> On 11/07/2011 07:49 PM, Thijs Kinkhorst wrote:
> > -------------------------------------------------------------------------
> > Debian Security Advisory DSA-2340-1                   security@debian.org
> > http://www.debian.org/security/                           Thijs Kinkhorst
> > November 7, 2011                       http://www.debian.org/security/faq
> > -------------------------------------------------------------------------
> > 
> > Package        : postgresql-8.3, postgresql-8.4, postgresql-9.0
> > Vulnerability  : weak password hashing
> > Problem type   : remote
> > Debian-specific: no
> > CVE ID         : CVE-2011-2483 
> > Debian Bug     : 631285
> > 
> > For the testing distribution (wheezy) and unstable distribution (sid),
> > this problem has been fixed in postgresql-8.4 version 8.4.9-1,
> > postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.

 Backports currently has the version 9.1 9.1.1-1~bpo60+1

 Does this version need an update for this DSA notice?

 cheers,
 Dagan