| From: | john melesky <list(at)phaedrusdeinus(dot)org> |
|---|---|
| To: | web(at)mr-paradox(dot)net |
| Cc: | pdxpug(at)postgresql(dot)org |
| Subject: | Re: Heads up on Postgres security release coming April 4, 2013 |
| Date: | 2013-04-04 18:41:45 |
| Message-ID: | 20130404184145.GB17047@phaedrusdeinus.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pdxpug |
> Can anyone confirm if this is the correct version for the security fix?
>
> postgresql92-server.x86_64 9.2.4-1PGDG.rhel6 @pgdg-92-centos
9.2.4 is the correct version, according to the release notice:
http://www.postgresql.org/about/news/1456/
> The pgdg repo shows it was last updated April 1, which doesn't seem correct.
According to the release FAQ (http://www.postgresql.org/support/security/faq/2013-04-04/):
> We have two teams that communicate on private lists hosted on the
> PGDG infrastructure. Both teams had access to the source code prior
> to the release of any packages for analyzing the security patch and
> then creating packages for distributing PostgreSQL binaries. These
> are our Security Team and our Packagers List. In both cases, these
> groups had early access in order to participate in patching the
> security hole.
So it's probably accurate.
-john
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Selena Deckelmann | 2013-04-04 18:45:30 | Re: Heads up on Postgres security release coming April 4, 2013 |
| Previous Message | web | 2013-04-04 18:37:05 | Re: Heads up on Postgres security release coming April 4, 2013 |