From owner-freebsd-ports@FreeBSD.ORG Sun Apr 11 13:34:09 2010 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 220DE1065670 for ; Sun, 11 Apr 2010 13:34:09 +0000 (UTC) (envelope-from ml@netfence.it) Received: from cp-out7.libero.it (cp-out7.libero.it [212.52.84.107]) by mx1.freebsd.org (Postfix) with ESMTP id AC1A28FC0A for ; Sun, 11 Apr 2010 13:34:08 +0000 (UTC) Received: from soth.ventu (151.51.27.117) by cp-out7.libero.it (8.5.107) id 4BBC729A00BDC7CB; Sun, 11 Apr 2010 15:32:55 +0200 Received: from alamar.ventu (alamar.ventu [10.1.2.18]) by soth.ventu (8.14.4/8.14.3) with ESMTP id o3BDWrtZ045644; Sun, 11 Apr 2010 15:32:54 +0200 (CEST) (envelope-from ml@netfence.it) Message-ID: <4BC1CF85.30806@netfence.it> Date: Sun, 11 Apr 2010 15:32:53 +0200 From: Andrea Venturoli User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; it-IT; rv:1.9.1.9) Gecko/20100402 Thunderbird/3.0.4 MIME-Version: 1.0 To: freebsd-ports@freebsd.org, gary.jennejohn@freenet.de, alp@rsu.ru References: <4BAB6135.4030800@rsu.ru> <20100325154420.6c91a7b9@ernst.jennejohn.org> <20100325162831.GB24672@lonesome.com> In-Reply-To: <20100325162831.GB24672@lonesome.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: postgres and CVE-2010-0442 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Apr 2010 13:34:09 -0000 On 03/25/10 17:28, Mark Linimon wrote: > On Thu, Mar 25, 2010 at 03:44:20PM +0100, Gary Jennejohn wrote: >> It's only been a week since it was assigned to the maintainer (girgen@) >> to look at. >> >> It's too soon for a maintainer timeout, although I suppose if this is >> considered to be an enormous security risk it could be committed without >> waiting. > > I'd say go ahead and commit it. We often waive the two-week period for > security problems. Sorry to step in. 8.4 has been corrected since a while, but what about 8.2 and 8.3? Is the new (non vulnerable) version going to arrive in the port tree anytime soon or should we plan a version upgrade? bye & Thanks av.