Re: [SECURITY] [DSA 2340-1] postgresql security update missing for squeeze
On Tue, 2011-11-08 at 00:16 +0000, Jan Kechel wrote:
> Why is there no security update for postgresql-9.0 on squeeze?
>
> .. just wondered why my cron-apt didn't report any postgresql updates
> today. My security.sources.list is
Are you thinking of backports?
> On 11/07/2011 07:49 PM, Thijs Kinkhorst wrote:
> > -------------------------------------------------------------------------
> > Debian Security Advisory DSA-2340-1 security@debian.org
> > http://www.debian.org/security/ Thijs Kinkhorst
> > November 7, 2011 http://www.debian.org/security/faq
> > -------------------------------------------------------------------------
> >
> > Package : postgresql-8.3, postgresql-8.4, postgresql-9.0
> > Vulnerability : weak password hashing
> > Problem type : remote
> > Debian-specific: no
> > CVE ID : CVE-2011-2483
> > Debian Bug : 631285
> >
> > For the testing distribution (wheezy) and unstable distribution (sid),
> > this problem has been fixed in postgresql-8.4 version 8.4.9-1,
> > postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.
Backports currently has the version 9.1 9.1.1-1~bpo60+1
Does this version need an update for this DSA notice?
cheers,
Dagan
Reply to: