On Sun, 23 May 2021 at 09:25, Greg King <greg.king@oracle.com> wrote:

Situation:

We have a couple customer bugs where the current version of rh-postgresql10 is getting flagged in security scans:

rh-postgresql10-postgresql-10.6-1.el7.x86_64

We noticed from this Red Hat security advisory that the security problem is resolved with this version of the package:

· Advisory: https://access.redhat.com/errata/RHSA-2020:5316
· Package: rh-postgresql10-postgresql-10.15-1.el7.x86_64

However, oVirt 4.4 still includes 10.6-1 and not 10.15-1


Please note oVirt 4.4 is not using PostgreSQL 10, it's using 12. For instance, 4.4.6 appliance uses:

postgresql-12.5-1.module_el8.4.0+597+7b8b5722.x86_64
postgresql-contrib-12.5-1.module_el8.4.0+597+7b8b5722.x86_64
postgresql-server-12.5-1.module_el8.4.0+597+7b8b5722.x86_64


 

 

Question:

We need to let customers know why rh-postgresql10-postgresql-10.15-1.el7.x86_64 is not included with the latest errata release of oVirt 4.4.

Is there a written policy or communication from the community one way or the other regarding the security vulnerability resolved with rh-postgresql10-postgresql-10.15-1.el7.x86_64? (i.e., it was reviewed and found not to be applicable, it will be in the next errata release, etc. – something along those lines)

 

 


Gregory King | Software Development Manager | +1.303.272.2427

Oracle Virtualization Sustaining Engineering

500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021

Mobile: +1.303.968.8169 | Fax: +1.303.272.2427

 

_______________________________________________
Devel mailing list -- devel@ovirt.org
To unsubscribe send an email to devel-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ND2737GQUTMJRI4N5E3AS4NP5S3RG33O/


--