Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished
Hi Joey,

Martin Schulze [2006-05-28 19:37 +0200]:
> > [1] http://people.debian.org/~mpitt/psql-sarge/
> > [2] http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff
>
> Thanks a lot. However, could you redo the (source) package without the arch crap inside?

There is no arch stuff inside (I don't even use arch any more). I also cleaned the debdiff (I just checked again). However, the -sarge1 version had arch stuff, maybe you did a debdiff on your own and stumbled over that?

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished
Martin Pitt wrote:
> Hi Joey,
>
> Martin Schulze [2006-05-28 19:37 +0200]:
> > > [1] http://people.debian.org/~mpitt/psql-sarge/
> > > [2] http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff
> >
> > Thanks a lot. However, could you redo the (source) package without the arch crap inside?
>
> There is no arch stuff inside (I don't even use arch any more). I also cleaned the debdiff (I just checked again). However, the -sarge1 version had arch stuff, maybe you did a debdiff on your own and stumbled over that?

Yup. I see. In that case the arch stuff should be kept so the patch is not cluttered.

Regards,

Joey

--
Ten years and still binary compatible. -- XFree86

Please always Cc to me when replying to me on the lists.
Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished
Hi,

Martin Schulze [2006-05-29 15:25 +0200]:
> Martin Pitt wrote:
> > Hi Joey,
> >
> > Martin Schulze [2006-05-28 19:37 +0200]:
> > > > [1] http://people.debian.org/~mpitt/psql-sarge/
> > > > [2] http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff
> > >
> > > Thanks a lot. However, could you redo the (source) package without the arch crap inside?
> >
> > There is no arch stuff inside (I don't even use arch any more). I also cleaned the debdiff (I just checked again). However, the -sarge1 version had arch stuff, maybe you did a debdiff on your own and stumbled over that?
>
> Yup. I see. In that case the arch stuff should be kept so the patch is not cluttered.

I can't, sorry. I killed the arch repo months ago. The debdiff in [2] does not contain arch spewage.

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished
Hi security team,

I backported the relevant changes from 7.4.13 and put the sarge security update to [1]. This time, just putting 7.4.13 into sarge-security would even have been safer IMHO, and that's what users would want anyway, but we already had this discussion several times, so I only ported the security fixes and a very simple, but important bug fix.

The debdiff is available [2], but believe me, you do not really want to look at it. You have been warned! :)

The package passes the upstream test suite, the same patches thrown onto 7.4.8 (which Ubuntu uses in version 5.04) pass my own test suite in postgresql-common, and the exploit does not work any more, so I'm fairly sure that it doesn't break too much.

Please feel free to just upload the provided package, or tell me how to proceed.

Thank you!

Martin

[1] http://people.debian.org/~mpitt/psql-sarge/
[2] http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
Bug#368645: CVE-2006-2313, CVE-2006-2314: encoding conflicts - sarge security update finished
Martin Pitt wrote:
> Hi security team,
>
> I backported the relevant changes from 7.4.13 and put the sarge security update to [1]. This time, just putting 7.4.13 into sarge-security would even have been safer IMHO, and that's what users would want anyway, but we already had this discussion several times, so I only ported the security fixes and a very simple, but important bug fix.
>
> The debdiff is available [2], but believe me, you do not really want to look at it. You have been warned! :)
>
> The package passes the upstream test suite, the same patches thrown onto 7.4.8 (which Ubuntu uses in version 5.04) pass my own test suite in postgresql-common, and the exploit does not work any more, so I'm fairly sure that it doesn't break too much.
>
> Please feel free to just upload the provided package, or tell me how to proceed.
>
> Thank you!
>
> Martin
>
> [1] http://people.debian.org/~mpitt/psql-sarge/
> [2] http://people.debian.org/~mpitt/psql-sarge/postgresql_7.4.7-6sarge2.debdiff

Thanks a lot. However, could you redo the (source) package without the arch crap inside?

Regards,

Joey

--
A mathematician is a machine for converting coffee into theorems. Paul Erdös

Please always Cc to me when replying to me on the lists.