Situation:

 

We have a couple customer bugs where the current version of rh-postgresql10 is getting flagged in security scans:

 

rh-postgresql10-postgresql-10.6-1.el7.x86_64

 

We noticed from this Red Hat security advisory that the security problem is resolved with this version of the package:

 

·         Advisory: https://access.redhat.com/errata/RHSA-2020:5316

·         Package: rh-postgresql10-postgresql-10.15-1.el7.x86_64

 

However, oVirt 4.4 still includes 10.6-1 and not 10.15-1

 

Question:

 

We need to let customers know why rh-postgresql10-postgresql-10.15-1.el7.x86_64 is not included with the latest errata release of oVirt 4.4

 

Is there an written policy or communication from the community one way or the other regarding the security vulnerability resolved with rh-postgresql10-postgresql-10.15-1.el7.x86_64?  (IE: it was reviewed and found not to be applicable, it will be in the next errata release, etc – something along those lines)

 

 

oracle-email-sig-198324-355094

Gregory King | Software Development Manager | +1.303.272.2427

Oracle Virtualization Sustaining Engineering

500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021

Mobile: +1.303.968.8169 | Fax: +1.303.272.2427