ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00101
Re: postgres contains outdated Ubuntu packages
-
To:
ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
Sergio Durigan Junior <sergio.durigan@xxxxxxxxxxxxx>
-
Date:
Fri, 12 Nov 2021 18:48:32 -0500
-
In-reply-to:
<618df786.1c69fb81.692e5.fbdcSMTPIN_ADDED_MISSING@mx.google.com> (security-team-toolbox-bot@canonical.com's message of "Thu, 11 Nov 2021 21:11:34 -0800 (PST)")
-
User-agent:
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
On Friday, November 12 2021, security-team-toolbox-bot@xxxxxxxxxxxxx wrote:
> A scan of this rock shows that it was built with packages from the Ubuntu
> archive that have since received security updates. The following lists new
> USNs for affected binary packages in each rock revision:
>
> Revision r14ae0d6eef6d (ppc64le; channels: 12-20.04_edge, 12-20.04_beta)
> * libpq5: 5145-1
> * postgresql-12: 5145-1
> * postgresql-client-12: 5145-1
>
> Revision r606b230cfbcb (arm64; channels: 13-21.04_edge, 13-21.04_beta)
> * libpq5: 5145-1
> * postgresql-13: 5145-1
> * postgresql-client-13: 5145-1
>
> Revision r74e5e6bbc5d2 (arm64; channels: 12-20.04_edge, 12-20.04_beta)
> * libpq5: 5145-1
> * postgresql-12: 5145-1
> * postgresql-client-12: 5145-1
>
> Revision r7e9c78601f4c (s390x; channels: 13-21.04_edge, 13-21.04_beta)
> * libpq5: 5145-1
> * postgresql-13: 5145-1
> * postgresql-client-13: 5145-1
>
> Revision r961876d222be (amd64; channels: 13-21.04_edge, 13-21.04_beta)
> * libpq5: 5145-1
> * postgresql-13: 5145-1
> * postgresql-client-13: 5145-1
>
> Revision r9ad837c55364 (ppc64le; channels: 13-21.04_edge, 13-21.04_beta)
> * libpq5: 5145-1
> * postgresql-13: 5145-1
> * postgresql-client-13: 5145-1
>
> Revision racaac3270fa4 (s390x; channels: 12-20.04_edge, 12-20.04_beta)
> * libpq5: 5145-1
> * postgresql-12: 5145-1
> * postgresql-client-12: 5145-1
>
> Revision raf8cb25f01f1 (amd64; channels: 12-20.04_edge, 12-20.04_beta)
> * libpq5: 5145-1
> * postgresql-12: 5145-1
> * postgresql-client-12: 5145-1
>
> Simply rebuilding the rock will pull in the new security updates and
> resolve this. If your rock also contains vendored code, now might be a
> good time to review it for any needed updates.
These have been rebuilt & retagged.
On a side note, I talked to Emilia about the fact that we're not
receiving these emails on the ubuntu-docker-images mailing list. She
told me the security team is working towards moving this service to
another machine, and that she will make sure to add Athos' and Bryce's
emails when that happens. Meanwhile, she volunteered to forward these
messages to the ubuntu-docker-images ml.
Thanks,
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
