Re: Heads up on Postgres security release coming April 4, 2013

On Thu, Apr 04, 2013 at 06:41:45PM +0000, john melesky wrote:
- > Can anyone confirm if this is the correct version for the security fix?
- >
- > postgresql92-server.x86_64 9.2.4-1PGDG.rhel6 @pgdg-92-centos
-
- 9.2.4 is the correct version, according to the release notice:
-
- http://www.postgresql.org/about/news/1456/

Yeah, but it also says it affects 9.2.4:
"The PostgreSQL Global Development Group has released a security update to all current versions of the
PostgreSQL database system, including versions 9.2.4"

- > The pgdg repo shows it was last updated April 1, which doesn't seem correct.
-
- According to the release FAQ (http://www.postgresql.org/support/security/faq/2013-04-04/):
-
- > We have two teams that communicate on private lists hosted on the
- > PGDG infrastructure. Both teams had access to the source code prior
- > to the release of any packages for analyzing the security patch and
- > then creating packages for distributing PostgreSQL binaries. These
- > are our Security Team and our Packagers List. In both cases, these
- > groups had early access in order to participate in patching the
- > security hole.
-
- So it's probably accurate.

I did read that too, but I was just expecting a modified date of today.

Thanks though, I think you're right and that is the correct one.