Vladimir Koshelenko wrote:
> In a message of 12 February 2007, JJDaNiMoTh wrote:
>
>> PostgreSQL 8.1 before 8.1.7 allows attackers to disable
>> ...
>> Upgrade to postgresql 8.1.8, that contains all security patches from
>> 8.1.7.
>
> Already upgraded to 8.2.3, but this requires a full dump and restore.
> Same thing about php.
> It seems that Arch maintainers don't maintain packages really fast :)

I think that the advice is clear: the bug for the 8.1 series (that is used by ArchLinux) is resolved in the 8.1.7 - 8.1.8 release. Recompiling and installing postgresql 8.1.8 doesn't require a full dump and restore. We don't need to upgrade to the 8.2 series for security. I'm sure that the devs know when a major update (from 8.1 to 8.2) is needed; but this isn't our work. Right?

>
> If you use something other than redhat, suse or debian, you must watch for
> security issues and rebuild apps by yourself.. it's faster. And in Arch it's
> fairly easy. Just increase the version number in PKGBUILD, (and remove the md5 sum if
> you're really impatient).

I am not a dev, but upgrading a package isn't as simple as you describe. Yes, your method works, but the devs must do a lot of other things before officially upgrading a package (like testing whether other apps work with the newer version). This advice only suggests to the devs that there is a security patch or a security update for a specific package. For other things there is an "out-of-date" flag on the cvs web interface.
