Re: PostgreSQL CVE-2024-7348 today

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Moritz Mühlenhoff <[email protected]>
To: Christoph Berg <[email protected]>
Cc: Debian Security Team <[email protected]>
Cc: PostgreSQL in Debian <[email protected]>
Subject: Re: PostgreSQL CVE-2024-7348 today
Date: Sat, 16 Nov 2024 20:11:28 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>

On Sat, Nov 16, 2024 at 07:35:20PM +0100, Christoph Berg wrote:
> Re: Moritz Mühlenhoff
> > DSAs have been released, thanks!
> 
> Unfortunately there is an ABI change in the last minors that has
> greater impact than originally planned.
> 
> The effect is that some extensions need recompilation against the new
> version (after which they will no longer work with the old version).
> In Debian, timescaledb and, to a lesser extend, postgresql-16-age are
> affected, but both are only part of testing, not stable.
> 
> (See https://qa.debian.org/excuses.php?package=postgresql-17 where the
> timescaledb problem shows up as regression.)
> 
> A new round of releases is planned for next week to revert that part.
> 
> Since we can't tell what 3rd-party extensions people are using with
> the Debian packages it would be prudent to release that update as a
> DSA update.
> 
> PostgreSQL is well aware that problems like that shouldn't happen and
> the already existing ABI checking will be done even stricter in the
> future, both manually and automated.

Ok, no problem. We'll release that revised update via bookworm-security
as well, then.

Cheers,
        Moritz

view thread (5+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: PostgreSQL CVE-2024-7348 today
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox