[Pkg-postgresql-public] Bug#778850: closed by Martin Pitt <mpitt at debian.org> (Re: Bug#778850: Acknowledgement (Missing 20-column_privilege_leak.patch file in postgresql-8.4 8.4.22-0ubuntu0.10.04.1 source package))
Christoph Berg
myon at debian.org
Tue Feb 24 09:14:42 UTC 2015
Re: Martin Pitt 2015-02-24 <20150224060329.GC3858 at piware.de>
> > How does this privilege leak not affect Debian?
>
> It does, but the upload you referenced was for Ubuntu 10.04 LTS.
> Christopher now said that apparently he just happened to make the same
> mistake for apt.postgresql.org, but that's still not "Debian".
In squeeze-lts, so in Debian. (OTOH, we haven't touched 8.4 in
apt.pg.o since 8.4 is EOL.)
> > I agree the patch is risky - I had a look at backporting it myself,
> > and it's non-trivial. I wonder if someone familiar with the code
> > will assist.
>
> I'd just ignore this for -8.4. It's really not that big of an issue
> IMHO, it has been EOL upstream for a fair while, and Ubuntu 10.04 LTS
> is going end-of-life in just two months.
squeeze-lts will be around for one more year...
Christoph
--
cb at df7cb.de | http://www.df7cb.de/
More information about the Pkg-postgresql-public
mailing list