Date: Sat, 16 Nov 2024 20:11:28 +0000
From: Moritz Mühlenhoff
To: Christoph Berg
Cc: Debian Security Team, PostgreSQL in Debian
Subject: Re: PostgreSQL CVE-2024-7348 today

On Sat, Nov 16, 2024 at 07:35:20PM +0100, Christoph Berg wrote:
> Re: Moritz Mühlenhoff
> > DSAs have been released, thanks!
>
> Unfortunately there is an ABI change in the last minors that has
> greater impact than originally planned.
>
> The effect is that some extensions need recompilation against the new
> version (after which they will no longer work with the old version).
> In Debian, timescaledb and, to a lesser extent, postgresql-16-age are
> affected, but both are only part of testing, not stable.
>
> (See https://qa.debian.org/excuses.php?package=postgresql-17 where the
> timescaledb problem shows up as regression.)
>
> A new round of releases is planned for next week to revert that part.
>
> Since we can't tell what 3rd-party extensions people are using with
> the Debian packages it would be prudent to release that update as a
> DSA update.
>
> PostgreSQL is well aware that problems like that shouldn't happen and
> the already existing ABI checking will be done even stricter in the
> future, both manually and automated.

Ok, no problem. We'll release that revised update via bookworm-security
as well, then.

Cheers,
        Moritz