Why is there no security update for postgresql-9.0 on squeeze?

.. just wondered why my cron-apt didn't report any postgresql updates today.

My security.sources.list is

deb http://security.debian.org/ squeeze/updates main contrib non-free

on Debian squeeze with postgresql-9.0 installed:

i postgresql-9.0

cu, jan

On 11/07/2011 07:49 PM, Thijs Kinkhorst wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2340-1 [email protected]
> http://www.debian.org/security/ Thijs Kinkhorst
> November 7, 2011 http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : postgresql-8.3, postgresql-8.4, postgresql-9.0
> Vulnerability : weak password hashing
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-2483
> Debian Bug : 631285
>
> magnum discovered that the blowfish password hashing used amongst
> others in PostgreSQL contained a weakness that would give passwords
> with 8 bit characters the same hash as weaker equivalents.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> postgresql-8.3 version 8.3.16-0lenny1.
>
> For the stable distribution (squeeze), this problem has been fixed in
> postgresql-8.4 version 8.4.9-0squeeze1.
>
> For the testing distribution (wheezy) and unstable distribution (sid),
> this problem has been fixed in postgresql-8.4 version 8.4.9-1,
> postgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.
>
> The updates also include reliability improvements, originally scheduled
> for inclusion into the next point release; for details see the respective
> changelogs.
>
> We recommend that you upgrade your postgresql packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: [email protected]

