Re: PostgreSQL CVE-2024-7348 today
| От | Christoph Berg |
|---|---|
| Тема | Re: PostgreSQL CVE-2024-7348 today |
| Дата | |
| Msg-id | Zzjl6LOGMZnB9MZu@msg.df7cb.de обсуждение исходный текст |
| Ответы |
PostgreSQL security updates are re-wrapped
Re: PostgreSQL CVE-2024-7348 today |
| Список | pgsql-pkg-debian |
Re: Moritz Mühlenhoff > DSAs have been released, thanks! Unfortunately there is an ABI change in the last minors that has greater impact than originally planned. The effect is that some extensions need recompilation against the new version (after which they will no longer work with the old version). In Debian, timescaledb and, to a lesser extend, postgresql-16-age are affected, but both are only part of testing, not stable. (See https://qa.debian.org/excuses.php?package=postgresql-17 where the timescaledb problem shows up as regression.) A new round of releases is planned for next week to revert that part. Since we can't tell what 3rd-party extensions people are using with the Debian packages it would be prudent to release that update as a DSA update. PostgreSQL is well aware that problems like that shouldn't happen and the already existing ABI checking will be done even stricter in the future, both manually and automated. Sorry for the trouble, Christoph
В списке pgsql-pkg-debian по дате отправления: