Martin Pitt wrote:
> Hi security team,
>
> I backported the relevant changes from 7.4.13 and put the sarge
> security update to [1]. This time, just putting 7.4.13 into
> sarge-security would even have been safer IMHO, and that's what users
> would want anyway, but we already had this discussion several times,
> so I only ported the security fixes and a very simple, but important
> bug fix.
>
> The debdiff is available [2], but believe me, you do not really want
> to look at it. You have been warned! :)
>
> The package passes the upstream test suite, the same patches thrown
> onto 7.4.8 (which Ubuntu uses in version 5.04) pass my own test suite
> in postgresql-common, and the exploit does not work any more, so I'm
> fairly sure that it doesn't break too much.
>
> Please feel free to just upload the provided package, or tell me how
> to proceed.
>
> Thank you!
>
> Martin
>
> [1] http://people.debian.org/~mpitt/psql-sarge/
> [2]
> http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff
Thanks a lot. However, could you redo the (source) package without
the arch crap inside?
Regards,
Joey
--
A mathematician is a machine for converting coffee into theorems. Paul Erdös
Please always Cc to me when replying to me on the lists.
