[Pkg-postgresql-public] Bug#778850: closed by Martin Pitt <mpitt at debian.org> (Re: Bug#778850: Acknowledgement (Missing 20-column_privilege_leak.patch file in postgresql-8.4 8.4.22-0ubuntu0.10.04.1 source package))

Martin Pitt mpitt at debian.org
Tue Feb 24 06:03:29 UTC 2015


Hello Charlie,

Charlie Brady [2015-02-22 13:03 -0500]:
> Wouldn't it be wise to at least amend the changelog entry so that going 
> forward it isn't incorrect?

Unfortunately that requires a full upload, build, test, and another
security update. I'm not sure it's worth that effort, but we should
surely adjust the USN text.

> How does this privilege leak not affect Debian?

It does, but the upload you referenced was for Ubuntu 10.04 LTS.
Christopher now said that apparently he just happened to make the same
mistake for apt.postgresql.org, but that's still not "Debian".

> I agree the patch is risky - I had a look at backporting it myself,
> and it's non-trivial. I wonder if someone familiar with the code
> will assist.

I'd just ignore this for -8.4. It's really not that big of an issue
IMHO, it has been EOL upstream for a fair while, and Ubuntu 10.04 LTS
is going end-of-life in just two months.

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)



More information about the Pkg-postgresql-public mailing list