Upcoming PostgreSQL Security Release: April 4, 2013

[araxon]

Hi. I was wondering, if this is being properly addressed in Gentoo:

Upcoming PostgreSQL Security Release: April 4, 2013

In short: there has been some serious security bug(s) found in PostgreSQL Server and the sources are now locked, while the binary distributions prepare their packages to be released on April 4th. Can we expect the solution to be available for Gentoo users too, on April 4th?

Further reading: Magnus Hagander's PostgreSQL blog.

[djdunn]

I would assume the maintainers would put it up fairly shorty after release
_________________
“Music is a moral law. It gives a soul to the Universe, wings to the mind, flight to the imagination, a charm to sadness, gaiety and life to everything. It is the essence of order, and leads to all that is good and just and beautiful.”

― Plato

[limn]

You could try contacting the maintainers directly

http://www.gentoo.org/proj/en/metastructure/herds/herds.xml

You might be better off submitting a bug

https://bugs.gentoo.org/

giving them the pertinent information and requesting that they implement the security fix as soon as possible.
djdunn is probably right and they are already aware, but it will not hurt to submit a bug.

[baaann]

Looks like its in hand

https://plus.google.com/communities/100146718762350759856/stream/7821a50c-248b-47cc-8a71-96cc620d3bd8

[araxon]

[destroyedlolo]

The new version has just been announced.
Fortunately, the risk is only when someone create its own access to the DB ... which limit the risk for end-user opened applications.