Control: tags -1 + confirmed On Tue, 2020-09-22 at 22:22 +0200, Chris Hofstaedtler wrote: > Fixes for low-severity issues CVE-2019-10203 and CVE-2020-17482. > Both using upstream patches for the 4.1 branch.
Please go ahead. > Maybe it should be pointed out in the stable update notes that > manual action is needed to remedy CVE-2019-10203 for existing > installations using postgres. "Manual schema update required for > PostgreSQL"? We could, but I'm not sure how many people actually read the fine print of the announcement mails, particularly in sections that they expect to be boilerplate. I was wondering if it was worth a d/NEWS entry, although that would obviously be potentially annoying if it ends up being shown to users who don't have the relevant binary package installd. Regards, Adam