Il giorno dom 23 mag 2021 alle ore 09:25 Greg King <[email protected]> ha scritto:
> *Situation:* > > > > We have a couple customer bugs where the current version of > rh-postgresql10 is getting flagged in security scans: > > > > rh-postgresql10-postgresql-10.6-1.el7.x86_64 > > > > We noticed from this Red Hat security advisory that the security problem > is resolved with this version of the package: > > > > · Advisory: *https://access.redhat.com/errata/RHSA-2020:5316 > <https://access.redhat.com/errata/RHSA-2020:5316>* > > · Package: rh-postgresql10-postgresql-10.15-1.el7.x86_64 > > > > However, oVirt 4.4 still includes 10.6-1 and not 10.15-1 > Please note oVirt 4.4 is not using PostgreSQL 10, it's using 12. For instance, 4.4.6 appliance uses: postgresql-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 postgresql-contrib-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 postgresql-server-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 > > > *Question:* > > > > We need to let customers know why > rh-postgresql10-postgresql-10.15-1.el7.x86_64 is not included with the > latest errata release of oVirt 4.4 > > > > Is there an written policy or communication from the community one way or > the other regarding the security vulnerability resolved with > rh-postgresql10-postgresql-10.15-1.el7.x86_64? (IE: it was reviewed and > found not to be applicable, it will be in the next errata release, etc – > something along those lines) > > > > > > [image: oracle-email-sig-198324-355094] > > Gregory King | Software Development Manager | +1.303.272.2427 > > Oracle Virtualization Sustaining Engineering > > 500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021 > > Mobile: +1.303.968.8169 | Fax: +1.303.272.2427 > > > _______________________________________________ > Devel mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/ND2737GQUTMJRI4N5E3AS4NP5S3RG33O/ > -- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV Red Hat EMEA <https://www.redhat.com/> [email protected] <https://www.redhat.com/> *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours. <https://mojo.redhat.com/docs/DOC-1199578>*
_______________________________________________ Devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/CCIM2O3A7HT4CFORZRR3LYWWGDML4AGB/
