My apologies for confusion over version – I meant 4.3, not 4.4 We support/ship 4.3 to our customers right now – we will be moving to 4.4 later this year
[oracle-email-sig-198324-355094] Gregory King | Software Development Manager | +1.303.272.2427 Oracle Virtualization Sustaining Engineering 500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021 Mobile: +1.303.968.8169 | Fax: +1.303.272.2427 From: Sandro Bonazzola [mailto:[email protected]] Sent: Monday, May 24, 2021 12:26 AM To: Greg King <[email protected]> Cc: [email protected]; John Priest <[email protected]>; Shubha Kulkarni <[email protected]>; Cameron Tarvin <[email protected]> Subject: [External] : Re: [ovirt-devel] Security question: rh-postgresql10-postgresql-10.6-1 Il giorno dom 23 mag 2021 alle ore 09:25 Greg King <[email protected]<mailto:[email protected]>> ha scritto: Situation: We have a couple customer bugs where the current version of rh-postgresql10 is getting flagged in security scans: rh-postgresql10-postgresql-10.6-1.el7.x86_64 We noticed from this Red Hat security advisory that the security problem is resolved with this version of the package: • Advisory: https://access.redhat.com/errata/RHSA-2020:5316<https://urldefense.com/v3/__https:/access.redhat.com/errata/RHSA-2020:5316__;!!GqivPVa7Brio!NVQI6U0svWCuFvHTLcVu8nvX5Q7-Q7e5FPQlCWJ_1FpDl_VmNuiNS4Oq8X4K8d-V$> • Package: rh-postgresql10-postgresql-10.15-1.el7.x86_64 However, oVirt 4.4 still includes 10.6-1 and not 10.15-1 Please note oVirt 4.4 is not using PostgreSQL 10, it's using 12. For instance, 4.4.6 appliance uses: postgresql-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 postgresql-contrib-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 postgresql-server-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 Question: We need to let customers know why rh-postgresql10-postgresql-10.15-1.el7.x86_64 is not included with the latest errata release of oVirt 4.4 Is there an written policy or communication from the community one way or the other regarding the security vulnerability resolved with rh-postgresql10-postgresql-10.15-1.el7.x86_64? (IE: it was reviewed and found not to be applicable, it will be in the next errata release, etc – something along those lines) [oracle-email-sig-198324-355094] Gregory King | Software Development Manager | +1.303.272.2427 Oracle Virtualization Sustaining Engineering 500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021 Mobile: +1.303.968.8169 | Fax: +1.303.272.2427 _______________________________________________ Devel mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Privacy Statement: https://www.ovirt.org/privacy-policy.html<https://urldefense.com/v3/__https:/www.ovirt.org/privacy-policy.html__;!!GqivPVa7Brio!NVQI6U0svWCuFvHTLcVu8nvX5Q7-Q7e5FPQlCWJ_1FpDl_VmNuiNS4Oq8WfbW-FX$> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/<https://urldefense.com/v3/__https:/www.ovirt.org/community/about/community-guidelines/__;!!GqivPVa7Brio!NVQI6U0svWCuFvHTLcVu8nvX5Q7-Q7e5FPQlCWJ_1FpDl_VmNuiNS4Oq8c8_jj4z$> List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/ND2737GQUTMJRI4N5E3AS4NP5S3RG33O/<https://urldefense.com/v3/__https:/lists.ovirt.org/archives/list/[email protected]/message/ND2737GQUTMJRI4N5E3AS4NP5S3RG33O/__;!!GqivPVa7Brio!NVQI6U0svWCuFvHTLcVu8nvX5Q7-Q7e5FPQlCWJ_1FpDl_VmNuiNS4Oq8V2zvisq$> -- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV Red Hat EMEA<https://urldefense.com/v3/__https:/www.redhat.com/__;!!GqivPVa7Brio!NVQI6U0svWCuFvHTLcVu8nvX5Q7-Q7e5FPQlCWJ_1FpDl_VmNuiNS4Oq8T20nAPT$> [email protected]<mailto:[email protected]> [https://static.redhat.com/libs/redhat/brand-assets/2/corp/logo--200.png]<https://urldefense.com/v3/__https:/www.redhat.com/__;!!GqivPVa7Brio!NVQI6U0svWCuFvHTLcVu8nvX5Q7-Q7e5FPQlCWJ_1FpDl_VmNuiNS4Oq8T20nAPT$> Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours. <https://urldefense.com/v3/__https:/mojo.redhat.com/docs/DOC-1199578__;!!GqivPVa7Brio!NVQI6U0svWCuFvHTLcVu8nvX5Q7-Q7e5FPQlCWJ_1FpDl_VmNuiNS4Oq8bInOKQO$>
_______________________________________________ Devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/KKTSZPU6PWJDQINC5R62JPBSK4VUESCD/
