Re: PostgreSQL CVE-2024-7348 today
| От | Moritz Mühlenhoff |
|---|---|
| Тема | Re: PostgreSQL CVE-2024-7348 today |
| Дата | |
| Msg-id | Zzj8cMUb4oxtl8js@inutil.org обсуждение исходный текст |
| Ответ на | Re: PostgreSQL CVE-2024-7348 today (Christoph Berg <myon@debian.org>) |
| Ответы |
postgresql-15 (15.10-0+deb12u1) and a fix for CVE-2024-10978
|
| Список | pgsql-pkg-debian |
On Sat, Nov 16, 2024 at 07:35:20PM +0100, Christoph Berg wrote: > Re: Moritz Mühlenhoff > > DSAs have been released, thanks! > > Unfortunately there is an ABI change in the last minors that has > greater impact than originally planned. > > The effect is that some extensions need recompilation against the new > version (after which they will no longer work with the old version). > In Debian, timescaledb and, to a lesser extend, postgresql-16-age are > affected, but both are only part of testing, not stable. > > (See https://qa.debian.org/excuses.php?package=postgresql-17 where the > timescaledb problem shows up as regression.) > > A new round of releases is planned for next week to revert that part. > > Since we can't tell what 3rd-party extensions people are using with > the Debian packages it would be prudent to release that update as a > DSA update. > > PostgreSQL is well aware that problems like that shouldn't happen and > the already existing ABI checking will be done even stricter in the > future, both manually and automated. Ok, no problem. We'll release that revised update via bookworm-security as well, then. Cheers, Moritz
В списке pgsql-pkg-debian по дате отправления: