[Pkg-postgresql-public] About the security issues affecting postgresql-pljava in Wheezy

Raphael Hertzog hertzog at debian.org
Tue Jun 20 16:22:14 UTC 2017


Hello Christoph & Peter,

The Debian LTS team recently reviewed the security issue(s) affecting your
package in Wheezy:
https://security-tracker.debian.org/tracker/CVE-2016-0767
https://security-tracker.debian.org/tracker/CVE-2016-0768
https://security-tracker.debian.org/tracker/CVE-2016-2192

We decided that we would not prepare a wheezy security update (usually
because the security impact is low and we concentrate our limited
resources on higher severity issues and on the most widely used packages).

That said, the wheezy users would most certainly benefit from a fixed
package and it looks like the issues have all been fixed in 1.5.0 and
1.5.1, so it should be possible to apply upstream fixes.

If you want to work on such an update, you're welcome to do so. Please
try to follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts at lists.debian.org (via a
debdiff, or with a URL pointing to the source package, or even with a
pointer to your packaging repository), and the members of the LTS team
will take care of the rest. However, please make sure to submit a tested
package.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



