[Pkg-postgresql-public] Bug#778850: Bug#778850: closed by Martin Pitt <mpitt at debian.org> (Re: Bug#778850: Acknowledgement (Missing 20-column_privilege_leak.patch file in postgresql-8.4 8.4.22-0ubuntu0.10.04.1 source package))
Charlie Brady
charlieb at budge.apana.org.au
Tue Feb 24 20:40:51 UTC 2015
On Mon, 23 Feb 2015, Stephen Frost wrote:
> I wasn't aware that anyone was still concerned with 8.4... Have other
> patches which are relevant to 8.4 been back-patched?
Yes.
https://lists.debian.org/debian-lts-announce/2015/02/msg00006.html
CVE-2015-0241, CVE-2015-0243 and CVE-2015-0244 were really patched.
CVE-2014-8161 appears in the update announcement, but in error.
> As the original author of the patch for master through 9.0, I'd be happy
> to review a patch that someone sends me for 8.4.
Neither Martin nor I have been able to make such a patch, as we are not
familiar with the refactoring between 8.4 and 9.0.
If you look at commit 32bf6ee6ab5cdfa4247f984f864860d988a58dfe you will
see a patch to a file genam.c which doesn't appear in 8.4. And I don't see
similar code elsewhere.
I think there were multiple similar issues with commit
804b6b6db4dcfc590a468e7be390738f9f7755fb.
More information about the Pkg-postgresql-public
mailing list