On Sun, Oct 11, 2015 at 8:54 PM, Greg Sabino Mullane <g...@endpoint.com> wrote: > The release notes for the new version reference some CVEs that > have not been publically released yet. Are they slow, or is > this something that needs to be added to the release > process checklist?
My guess is that they are simply slow to refresh. If you look at RedHat stuff they mark those CVEs with the same numbers in their bug tracker (the database is not updated though). https://access.redhat.com/security/cve/CVE-2015-5288 https://access.redhat.com/security/cve/CVE-2015-5289 > It's also possible the wrong CVE was entered, but I don't see > one that seems to pertain to the issue described (and > CVE-2015-5288, -3166, -3167, -0243, -0244 are in the same boat). As is CVE-2015-0241, which dates of February. This is way more than slow... Perhaps we should contact cve at mitre dot org regarding that. Thoughts? -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers