Hi Christoph,

On Wed, May 20, 2015 at 12:21:00PM +0200, Christoph Berg wrote:
> Hi,
>
> PostgreSQL will be releasing new minor releases on Friday (usually
> around 14 UTC+-1, that should be a good time for the DSAs). The
> tarballs for the updates are not public yet, but the fixes are visible
> in the upstream git, so there's no need to treat this as embargoed,
> but there should still be a coordinated release.
>
> As usual, we have half a dozen packages to update. Unless otherwise
> noted, the packages are all affected by three CVEs. I'll push the
> 9.4/unstable update on Friday. I can push the other packages earlier
> for release on Friday if you permit.

Thanks for preparing those. Yes please go ahead, but see one small
comment below.

>
> postgresql-9.4:
> unstable+testing: 9.4.2-1
> jessie: 9.4.2-0+deb8u1
>
> postgresql-9.1:
> unstable+testing: plperl-only compatibility package: rather than
> providing a fix I should use the opportunity to get the packages
> removed there
> jessie: plperl-only compatibility package, only affected by CVE-2015-3166
> 9.1.16-0+deb8u1
> wheezy: 9.1.16-0+deb7u1

Since those will have the same orig tarball and we are supporting both
wheezy and jessie:

https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull#Stable_and_oldstable_sharing_the_same_upstream_tarball

so e.g. build first the jessie-security with full sources included,
upload to security-master and wait until accepted (as you don't get
the accepted mails) wait ~30 minutes for the turnaround
queued-checking, dak moving to unchecked queue etc ...). Then upload
the second one with, but this time do not include the orig sources.
Otherwise this causes problems when pushing the packages from
security-master to ftp-master.

Thanks for your work!

Regards,
Salvatore
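
A pre-upload check for the ordering described in the message above, added here as an example and not part of the original mail or of any Debian tooling: it reads the Files: field of a .changes file and reports whether the upstream orig tarball is part of the upload. The function names and the sample .changes excerpts are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample .changes data are constructed.

# Print the file names listed in the "Files:" field of a .changes file.
changes_files() {
    awk '
        /^Files:/      { in_files = 1; next }  # field header
        /^[^ ]/        { in_files = 0 }        # any unindented line ends the field
        in_files && NF { print $NF }           # last column is the file name
    ' "$1"
}

# Succeed if the upload carries an upstream tarball (.orig.tar.* or .orig-<component>.tar.*).
changes_has_orig() {
    changes_files "$1" | grep -Eq '\.orig(-[A-Za-z0-9-]+)?\.tar\.[a-z0-9]+$'
}

# check_upload first|second FILE: the first upload must include the orig
# tarball (e.g. dpkg-buildpackage -sa), the second must not (-sd).
check_upload() {
    case "$1" in
        first)  changes_has_orig "$2" ;;
        second) ! changes_has_orig "$2" ;;
        *)      return 2 ;;
    esac
}

# write_sample FILE VERSION DIST yes|no: write a constructed .changes excerpt.
write_sample() {
    {
        printf 'Format: 1.8\nSource: postgresql-9.1\nVersion: %s\n' "$2"
        printf 'Distribution: %s\nFiles:\n' "$3"
        printf ' %032d 1 database optional postgresql-9.1_%s.dsc\n' 0 "$2"
        if [ "$4" = yes ]; then
            printf ' %032d 1 database optional postgresql-9.1_9.1.16.orig.tar.bz2\n' 0
        fi
        printf ' %032d 1 database optional postgresql-9.1_%s.debian.tar.xz\n' 0 "$2"
    } > "$1"
}

# Demo on constructed data: jessie goes first with orig, wheezy second without.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/jessie.changes" 9.1.16-0+deb8u1 jessie-security yes
write_sample "$demo_dir/wheezy.changes" 9.1.16-0+deb7u1 wheezy-security no
check_upload first  "$demo_dir/jessie.changes" && echo "jessie: ok, orig included"
check_upload second "$demo_dir/wheezy.changes" && echo "wheezy: ok, orig excluded"
rm -rf "$demo_dir"
```

Running check_upload second against the real .changes of the later upload before sending it catches a build that still lists the orig tarball.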