This got released by upstream now, so I'm marking the bug public. I checked if our pre-generated release links work and they do, so no changelog changes necessary.
Upstream lists two more CVEs at [1], but those are for other installers - no need to modify our prepared packages. We compared the released with the pre-tarballs that we tested and they are identical [2] (thanks Andreas for checking) Due to that I'd ask to release the builds in [3] Assigning to Marc to consider that. [1]: https://www.postgresql.org/about/news/1939/ [2]: https://pastebin.ubuntu.com/p/HYVBM46zX6/ [3]: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3721 ** Information type changed from Private Security to Public Security ** Changed in: postgresql-10 (Ubuntu Bionic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: postgresql-10 (Ubuntu Cosmic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: postgresql-11 (Ubuntu Disco) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: postgresql-9.5 (Ubuntu Xenial) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828012 Title: New upstream microreleases 9.5.17, 10.8 and 11.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postgresql-11/+bug/1828012/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
