Re: postgresql-9.1 and postgresql-8.4 in Wheezy

Am 28. Mai 2017 16:11:47 MESZ schrieb Thorsten Alteholz : >Hi Christoph, > >ok, thanks for the clarification. > >On Wed, 24 May 2017, Christoph Berg wrote: >> postgresql-9.1 in wheezy is affected from my understanding of when >> pg_user_mappings was introduced. > >Do you want

Re: postgresql-9.1 and postgresql-8.4 in Wheezy

Hi Christoph, ok, thanks for the clarification. On Wed, 24 May 2017, Christoph Berg wrote: postgresql-9.1 in wheezy is affected from my understanding of when pg_user_mappings was introduced. Do you want to do the wheezy-security upload for CVE-2017-7486, or shall the LTS team take care of

Re: postgresql-9.1 and postgresql-8.4 in Wheezy

Re: Ola Lundqvist 2017-05-21

Re: postgresql-9.1 and postgresql-8.4 in Wheezy

Hi Thorsten I had a look into this and I'm not sure both statements are correct for Jessie. For CVE-2017-7486 I think the information in Jessie is wrong. The patched code is definitely there in wheezy at least. But maybe it is not triggered for some reason. For CVE-2017-7484 the code do not

postgresql-9.1 and postgresql-8.4 in Wheezy

Hi Christoph, CVE-2017-7486 and CVE-2017-7484 are marked as "not-affected" for postgresql-9.1 in Jessie. Can you please confirm that the same package in Wheezy is not affected as well? Do you also have an idea whether CVE-2017-7484 affects postgresql-8.4 in Wheezy? Thanks! Thorsten