[GTALUG] Debian postgresql security advisory
Lennart Sorensen
lsorense at csclub.uwaterloo.ca
Tue Aug 16 12:01:46 EDT 2016
On Thu, Aug 11, 2016 at 05:27:00PM -0400, Giles Orr via talk wrote:
> Debian issued a security advisory for postgresql today:
> https://www.debian.org/security/2016/dsa-3646 . So I want to upgrade
> my pgsql install on stable. The advisory says "these problems have
> been fixed in version 9.4.9-0+deb8u1." I upgraded, and found myself
> with version 9.4+165+deb8u1. And this has me very confused,
> particularly since the online database (
> https://packages.debian.org/search?searchon=sourcenames&keywords=postgresql-9.4
> ) shows the jessie version recommended by the advisory. If I run
> "lsb_release -c" I get "Codename: jessie" in response. The
> sources.list is basic but complete(?):
>
> deb http://http.debian.net/debian jessie main
> deb http://security.debian.org/ jessie/updates main
> deb http://http.debian.net/debian jessie-updates main
>
> (I've left out the deb-src statements.)
>
> First, why the discrepancy? Second, where do I go to find out what
> went into the current package? ie. is there a place to look that will
> say "9.4+165+deb8u1 was compiled for X reason?"
>
> I installed a new virtual machine from a fresh download of
> debian-8.5.0-amd64-netinst.iso. A final "apt-get update ; apt-get
> dist-upgrade" finds me at the same 9.4+165+deb8u1.
Make sure you don't mix up the packages:
postgresql
postgresql-9.4
The first is a meta package, the second is the actual database.
postgresql simply depends on the current version, which is postgresql-9.4
in Jessie.
--
Len Sorensen
More information about the talk
mailing list