Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tCNff-000ImR-Ay for pgsql-pkg-debian@arkaria.postgresql.org; Sat, 16 Nov 2024 18:37:22 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tCNfc-00FQx4-Od for pgsql-pkg-debian@arkaria.postgresql.org; Sat, 16 Nov 2024 18:37:21 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tCNfc-00FQww-IU for pgsql-pkg-debian@lists.postgresql.org; Sat, 16 Nov 2024 18:37:21 +0000 Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:108]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tCNfZ-002IY4-GH for pgsql-pkg-debian@lists.postgresql.org; Sat, 16 Nov 2024 18:37:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.stravinsky; h=X-Debian-User:In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Reply-To:Content-ID:Content-Description; bh=hQnyquGE4qypi8I9kTH52UpR9gbVSUHdiX714erYtSM=; b=IKT7E5CJJ6/61Ls7hL24qWGU3q IYgX2xI0VtpYzKfQnyolVc95nqHL4PbOeppMGxegHDndVlD/O8Iurrib5Ci8BnIyy31MIEFjlNjqw C/mbTD+yNChYD6Ex7INfC6QQfQIVgLuGyKdVvtJRGVo6wB3O/jqy7bY6t8pan3atQ+NvVHiduRA5s P80X/AWQz+B/es5t59l5J8XDeyf3YPBxdfsegiyAaZ/Z6LCgYqfI5hSbpH5zVxiukAHUM7pLJL1zO UuGNuN4JwayFzIvmaMG93FjuSdtA8+NVJGwHo+0O7EQVxHrCDSu7Juuyy2HtJjeiUq9SDUKbWjx+B JmFs52AQ==; Received: from authenticated user by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.94.2) (envelope-from ) id 1tCNfZ-004uoc-QJ; Sat, 16 Nov 2024 18:37:18 +0000 Date: Sat, 16 Nov 2024 19:37:17 +0100 From: Christoph Berg To: Debian Security Team Cc: PostgreSQL in Debian Subject: PostgreSQL security updates are re-wrapped Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Debian-User: myon List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk (I replied to the wrong old mail, the issue is in the current minor releases, released 2024-11-14.) Re: To Debian Security Team > Re: Moritz Mühlenhoff > > DSAs have been released, thanks! > > Unfortunately there is an ABI change in the last minors that has > greater impact than originally planned. > > The effect is that some extensions need recompilation against the new > version (after which they will no longer work with the old version). > In Debian, timescaledb and, to a lesser extend, postgresql-16-age are > affected, but both are only part of testing, not stable. > > (See https://qa.debian.org/excuses.php?package=postgresql-17 where the > timescaledb problem shows up as regression.) > > A new round of releases is planned for next week to revert that part. > > Since we can't tell what 3rd-party extensions people are using with > the Debian packages it would be prudent to release that update as a > DSA update. > > PostgreSQL is well aware that problems like that shouldn't happen and > the already existing ABI checking will be done even stricter in the > future, both manually and automated. > > Sorry for the trouble, > Christoph Christoph