Hi security team, I backported the relevant changes from 7.4.13 and put the sarge security update to [1]. This time, just putting 7.4.13 into sarge-security would even have been safer IMHO, and that's what users would want anyway, but we already had this discussion several times, so I only ported the security fixes and a very simple, but important bug fix.
The debdiff is available [2], but believe me, you do not really want to look at it. You have been warned! :) The package passes the upstream test suite, the same patches thrown onto 7.4.8 (which Ubuntu uses in version 5.04) pass my own test suite in postgresql-common, and the exploit does not work any more, so I'm fairly sure that it doesn't break too much. Please feel free to just upload the provided package, or tell me how to proceed. Thank you! Martin [1] http://people.debian.org/~mpitt/psql-sarge/ [2] http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature