From: | David Kerr <dmk(at)mr-paradox(dot)net> |
---|---|
To: | john melesky <list(at)phaedrusdeinus(dot)org> |
Cc: | web(at)mr-paradox(dot)net, pdxpug(at)postgresql(dot)org |
Subject: | Re: Heads up on Postgres security release coming April 4, 2013 |
Date: | 2013-04-04 18:52:39 |
Message-ID: | 20130404185239.GA81713@mr-paradox.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pdxpug |
On Thu, Apr 04, 2013 at 06:41:45PM +0000, john melesky wrote:
- > Can anyone confirm if this is the correct version for the security fix?
- >
- > postgresql92-server.x86_64 9.2.4-1PGDG.rhel6 @pgdg-92-centos
-
- 9.2.4 is the correct version, according to the release notice:
-
- http://www.postgresql.org/about/news/1456/
Yeah, but it also says it affects 9.2.4:
"The PostgreSQL Global Development Group has released a security update to all current versions of the
PostgreSQL database system, including versions 9.2.4"
- > The pgdg repo shows it was last updated April 1, which doesn't seem correct.
-
- According to the release FAQ (http://www.postgresql.org/support/security/faq/2013-04-04/):
-
- > We have two teams that communicate on private lists hosted on the
- > PGDG infrastructure. Both teams had access to the source code prior
- > to the release of any packages for analyzing the security patch and
- > then creating packages for distributing PostgreSQL binaries. These
- > are our Security Team and our Packagers List. In both cases, these
- > groups had early access in order to participate in patching the
- > security hole.
-
- So it's probably accurate.
I did read that too, but I was just expecting a modified date of today.
Thanks though, I think you're right and that is the correct one.
From | Date | Subject | |
---|---|---|---|
Next Message | Selena Deckelmann | 2013-04-04 18:55:06 | Re: Heads up on Postgres security release coming April 4, 2013 |
Previous Message | Selena Deckelmann | 2013-04-04 18:45:30 | Re: Heads up on Postgres security release coming April 4, 2013 |