[Pkg-postgresql-public] New PostgreSQL releases on 2015-05-22

Salvatore Bonaccorso carnil at debian.org
Thu May 21 07:40:57 UTC 2015


Hi Christoph,

On Wed, May 20, 2015 at 12:21:00PM +0200, Christoph Berg wrote:
> Hi,
> 
> PostgreSQL will be releasing new minor releases on Friday (usually
> around 14 UTC+-1, that should be a good time for the DSAs). The
> tarballs for the updates are not public yet, but the fixes are visible
> in the upstream git, so there's no need to treat this as embargoed,
> but there should still be a coordinated release.
> 
> As usual, we have half a dozen packages to update. Unless otherwise
> noted, the packages are all affected by three CVEs. I'll push the
> 9.4/unstable update on Friday. I can push the other packages earlier
> for release on Friday if you permit.

Thanks for preparing those. Yes please go ahead, but see one small
comment below.
> 
> postgresql-9.4:
>   unstable+testing: 9.4.2-1
>   jessie: 9.4.2-0+deb8u1
> 
> postgresql-9.1:
>   unstable+testing: plperl-only compatibility package: rather than
>     providing a fix I should use the opportunity to get the packages
>     removed there
>   jessie: plperl-only compatibility package, only affected by CVE-2015-3166
>     9.1.16-0+deb8u1
>   wheezy: 9.1.16-0+deb7u1

Since those will have the same orig tarball and we are supporting both
wheezy and jessie:

https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull#Stable_and_oldstable_sharing_the_same_upstream_tarball

so e.g. build first the jessie-security with full sources included,
upload to security-master and wait until accepted (as you don't get
the accepted mails, wait ~30 minutes for the turnaround:
queued-checking, dak moving to unchecked queue etc ...). Then upload
the second one, but this time do not include the orig sources.
Otherwise this causes problems when pushing the packages from
security-master to ftp-master.

Thanks for your work!

Regards,
Salvatore
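
A pre-upload check for the two-step procedure described above, added here as an example (not part of the original message and not Debian tooling). The .changes contents, sizes and checksums are constructed placeholders, and all function names are hypothetical.

```python
import re

# Matches upstream tarballs such as foo_1.0.orig.tar.bz2 or foo_1.0.orig-doc.tar.xz
ORIG_RE = re.compile(r"\.orig(-[A-Za-z0-9-]+)?\.tar\.[a-z0-9]+$")

def field(text, name):
    """Return the value of a single-line .changes field, or None."""
    for line in text.splitlines():
        if line.startswith(name + ":"):
            return line.split(":", 1)[1].strip()
    return None

def changes_files(text):
    """Return the file names listed in the multi-line Files: field."""
    names, in_files = [], False
    for line in text.splitlines():
        if line.startswith("Files:"):
            in_files = True
        elif in_files and line.startswith(" ") and line.strip():
            names.append(line.split()[-1])   # file name is the last column
        else:
            in_files = False                 # any other line ends the field
    return names

def upstream(version):
    """Strip the epoch and the Debian revision from a package version."""
    version = version.split(":", 1)[-1]
    return version.rsplit("-", 1)[0] if "-" in version else version

def check_upload_pair(first, second):
    """First upload must carry the orig tarball; the second must not."""
    problems = []
    if upstream(field(first, "Version")) != upstream(field(second, "Version")):
        problems.append("uploads do not share an upstream version")
    if not any(ORIG_RE.search(n) for n in changes_files(first)):
        problems.append("first upload lacks the orig tarball")
    if any(ORIG_RE.search(n) for n in changes_files(second)):
        problems.append("second upload includes the orig tarball again")
    return problems

def sample_changes(version, suite, with_orig):
    """Build a constructed, minimal .changes body (placeholder checksums)."""
    files = [f"postgresql-9.1_{version}.dsc",
             f"postgresql-9.1_{version}.debian.tar.xz"]
    if with_orig:
        files.append("postgresql-9.1_9.1.16.orig.tar.bz2")
    rows = "".join(f" {'0' * 32} 1234 database optional {f}\n" for f in files)
    return (f"Source: postgresql-9.1\nVersion: {version}\n"
            f"Distribution: {suite}\nFiles:\n{rows}")

JESSIE = sample_changes("9.1.16-0+deb8u1", "jessie-security", True)
WHEEZY = sample_changes("9.1.16-0+deb7u1", "wheezy-security", False)
```

An empty list from `check_upload_pair(JESSIE, WHEEZY)` means the pair matches the order described: orig tarball in the first upload only.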