I would like to know when AlmaLinux takes the changes made by RedHat described at this link:
https://access.redhat.com/errata/RHSA-2025:3082
Hi there, and welcome! You can find our related release information on https://errata.almalinux.org/ by searching for the CVE number (in this case CVE-2025-1094).
1 Like
For that particular CVE, Red Hat update most “streams” in Feb 20, but for the postgresql:12 Mar 20, last week. Therefore, AlmaLinux has had only a week to build that particular version.
The OP seems to aks for the state of/estimate for the build that has not been published yet (in repo or errata).
Ah! Thanks, @jlehtone, and sorry for missing that @VincenzoM!
In talking with the build system team lead, it looks like this was a mistake on the RHEL side of things. We did pull in the patch and release it, but it looks like this it wasn’t marked as a security fix on the RHEL side. You can see, the CVE isn’t listed here:
This happens sometimes, unfortunately. We’ve had a few of these come up and have been able to ask Red Hat to fix them with ease. We’ve asked them to correct this one, and are going to look at what we can do on our side to make sure they don’t get missed in the future.
Feel free to let us know if you have any more questions, or you can join the conversation directly on mattermost in the ~development chat.