Solved PostgreSQL vulnerability in branch 2018Q1

swegen · Feb 24, 2018

I'm using quarterly ports and this vulnerability in postgresql10-server was fixed to HEAD at 2018-02-08. It has now been more than two weeks without a Merge From Head (MFH) to the current quarterly branch.

These fixes to quarterly have usually taken about a week but this one is still lingering unfixed in the pkg audit report?

SirDice · Feb 25, 2018

Can't seem to find it either

Please report this to ports-secteam@FreeBSD.org, it looks like it slipped through the cracks.

swegen · Feb 25, 2018

Reported.

I previously sent one report to ports-secteam about node.js last December but got no response back.

tobik@ · Feb 25, 2018

swegen said:
Reported.

I previously sent one report to ports-secteam about node.js last December but got no response back.

Open a bug on https://bugs.freebsd.org and make it public. Make sure to CC both ports-secteam and the PostgreSQL maintainers and ask why they haven't requested an MFH.

swegen · Feb 25, 2018

tobik@ said:
Open a bug on https://bugs.freebsd.org and make it public. Make sure to CC both ports-secteam and the PostgreSQL maintainers and ask why they haven't requested an MFH.

Done. Here is the bug:
PR 226205

swegen · Feb 26, 2018

Fixed now.

Solved PostgreSQL vulnerability in branch 2018Q1

swegen

SirDice

Administrator

swegen

tobik@

swegen

swegen