Re: postgresql command line exploit found in the wild
| От | Christoph Berg |
|---|---|
| Тема | Re: postgresql command line exploit found in the wild |
| Дата | |
| Msg-id | 20130409124412.GE26705@msgid.df7cb.de обсуждение исходный текст |
| Ответ на | Re: postgresql command line exploit found in the wild ("Daniel Verite" <daniel@manitou-mail.org>) |
| Список | pgsql-general |
Re: Daniel Verite 2013-04-08 <cd81d201-e9fa-4567-ac49-e3e762935747@mm> > Merlin Moncure wrote: > > > if you have an internet facing database, patch it immediately! > > By the way: > > People running 9.1 on debian stable (squeeze) typically use this package: > http://packages.debian.org/squeeze-backports/postgresql-9.1 > > Currently, it looks like the fix is only available in pre-compiled form for > the amd64 architecture (see the bottom of the page). All other archs > including the popular i386 are stuck at version: 9.1.7-1~bpo60+1 This is just packages.debian.org lagging behind. The packages were available on Thursday. (Excluding i386/armel.) Look at the timestamps on http://backports.debian.org/debian-backports/pool/main/p/postgresql-9.1/ . > I find it problematic. One can always switch to the new apt.postgresql.org > repository that has the latest versions, but how many people are going to not > even notice the problem, trusting their normal upgrade path? I'm poking the backports people to throw more resources on building packages there. Christoph -- cb@df7cb.de | http://www.df7cb.de/
В списке pgsql-general по дате отправления: