| From: | "Daniel Verite" <daniel(at)manitou-mail(dot)org> |
|---|---|
| To: | "PostgreSQL General" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: postgresql command line exploit found in the wild |
| Date: | 2013-04-08 15:48:08 |
| Message-ID: | cd81d201-e9fa-4567-ac49-e3e762935747@mm |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Merlin Moncure wrote:
> if you have an internet facing database, patch it immediately!
By the way:
People running 9.1 on debian stable (squeeze) typically use this package:
http://packages.debian.org/squeeze-backports/postgresql-9.1
Currently, it looks like the fix is only available in pre-compiled form for
the amd64 architecture (see the bottom of the page). All other archs
including the popular i386 are stuck at version: 9.1.7-1~bpo60+1
I find it problematic. One can always switch to the new apt.postgresql.org
repository that has the latest versions, but how many people are going to not
even notice the problem, trusting their normal upgrade path?
Best regards,
--
Daniel
PostgreSQL-powered mail user agent and storage: http://www.manitou-mail.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2013-04-08 15:54:32 | Re: postgresql command line exploit found in the wild |
| Previous Message | Shaun Thomas | 2013-04-08 15:40:16 | Re: Backup advice |