| From: | Moritz Mühlenhoff <jmm(at)inutil(dot)org> |
|---|---|
| To: | Christoph Berg <myon(at)debian(dot)org> |
| Cc: | Debian Security Team <team(at)security(dot)debian(dot)org>, PostgreSQL in Debian <pgsql-pkg-debian(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: PostgreSQL CVE-2024-7348 today |
| Date: | 2024-11-16 20:11:28 |
| Message-ID: | Zzj8cMUb4oxtl8js@inutil.org |
| Lists: | pgsql-pkg-debian |

On Sat, Nov 16, 2024 at 07:35:20PM +0100, Christoph Berg wrote:
> Re: Moritz Mühlenhoff
> > DSAs have been released, thanks!
>
> Unfortunately there is an ABI change in the last minors that has
> greater impact than originally planned.
>
> The effect is that some extensions need recompilation against the new
> version (after which they will no longer work with the old version).
> In Debian, timescaledb and, to a lesser extent, postgresql-16-age are
> affected, but both are only part of testing, not stable.
>
> (See https://qa.debian.org/excuses.php?package=postgresql-17 where the
> timescaledb problem shows up as regression.)
>
> A new round of releases is planned for next week to revert that part.
>
> Since we can't tell what 3rd-party extensions people are using with
> the Debian packages it would be prudent to release that update as a
> DSA update.
>
> PostgreSQL is well aware that problems like that shouldn't happen and
> the already existing ABI checking will be done even stricter in the
> future, both manually and automated.

Ok, no problem. We'll release that revised update via bookworm-security
as well, then.

Cheers,
Moritz