Martin Pitt wrote: > Hi security team, > > I backported the relevant changes from 7.4.13 and put the sarge > security update to [1]. This time, just putting 7.4.13 into > sarge-security would even have been safer IMHO, and that's what users > would want anyway, but we already had this discussion several times, > so I only ported the security fixes and a very simple, but important > bug fix. > > The debdiff is available [2], but believe me, you do not really want > to look at it. You have been warned! :) > > The package passes the upstream test suite, the same patches thrown > onto 7.4.8 (which Ubuntu uses in version 5.04) pass my own test suite > in postgresql-common, and the exploit does not work any more, so I'm > fairly sure that it doesn't break too much. > > Please feel free to just upload the provided package, or tell me how > to proceed. > > Thank you! > > Martin > > [1] http://people.debian.org/~mpitt/psql-sarge/ > [2] > http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff
Thanks a lot. However, could you redo the (source) package without the arch crap inside? Regards, Joey -- A mathematician is a machine for converting coffee into theorems. Paul Erdös Please always Cc to me when replying to me on the lists.