| From: | Ziyun Audrey Wang <ziyun(dot)wang(at)ericsson(dot)com> |
|---|---|
| To: | "pgsql-pkg-yum(at)lists(dot)postgresql(dot)org" <pgsql-pkg-yum(at)lists(dot)postgresql(dot)org> |
| Cc: | Thierry Beauquier <thierry(dot)beauquier(at)ericsson(dot)com> |
| Subject: | FW: [SECURITY] Missing vendor name in postgresql96 rpms |
| Date: | 2017-12-11 12:57:52 |
| Message-ID: | DB5PR07MB0789241284D8FE8F598199D5E9370@DB5PR07MB0789.eurprd07.prod.outlook.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-yum |
Hello
We are using the following postgresql rpms, we download from https://yum.postgresql.org/9.6/redhat/rhel-6.6-x86_64/
postgresql96-libs-9.6.6-1PGDG.rhel6.x86_64
postgresql96-server-9.6.6-1PGDG.rhel6.x86_64
postgresql96-9.6.6-1PGDG.rhel6.x86_64
postgresql96-contrib-9.6.6-1PGDG.rhel6.x86_64
The following rpms does not have any vendor name. It is needed for the SVL (Software Vendor List)
(none),postgresql96,9.6.6
(none),postgresql96-contrib,9.6.6
(none),postgresql96-libs,9.6.6
(none),postgresql96-server,9.6.6
rpm -qi postgresql96
Name : postgresql96 Relocations: (not relocatable)
Version : 9.6.6 Vendor: (none)
Note that as part of our security process, it is needed to report all used 3PP in order to be informed automatically of any new vulnerability (CVE) . The database needs Vendor, Name and Version from the rpm as input and actually it is needed to add manually a Vendor for postgresql rpm before uploading the information otherwise the upload would failed.
Thanks!
Best Regards
Audrey
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim Gündüz | 2017-12-11 23:49:07 | Re: 9.3 RPMs not signed |
| Previous Message | Pierre-Alain TORET | 2017-12-11 10:00:35 | Re: patch postgres user .bash_profile |