Mailing List Archive | ports@openbsd.org

From:: Stuart Henderson <stu@spacehopper.org>
Subject:: Re: databases/timescaledb 2.25.2 (CVE #2026-29089)
To:: Mark Patruck <mark@wrapped.cx>
Cc:: Renato Aguiar <renato@renatoaguiar.net>, ports@openbsd.org
Date:: Thu, 5 Mar 2026 23:03:04 +0000

Download raw body.

Thread

2026-03-05 19:40 Mark Patruck:
databases/timescaledb 2.25.2 (CVE #2026-29089)
- 2026-03-05 21:53 Renato Aguiar:
  databases/timescaledb 2.25.2 (CVE #2026-29089)
- 2026-03-05 23:03 Stuart Henderson:
  databases/timescaledb 2.25.2 (CVE #2026-29089)
- - 2026-03-06 07:58 Mark Patruck:
    databases/timescaledb 2.25.2 (CVE #2026-29089)

On 2026/03/05 20:40, Mark Patruck wrote:
> Update databases/timescaledb to 2.25.2 (+ extras) released
> two days ago. Besides performance improvements, 2.25.2 fixes
> also a security issue, see here for more info:
> 
> https://github.com/timescale/timescaledb/security/advisories/GHSA-vgp2-jj5c-828m
> 
> Changes since in-ports 2.23.1:
> 
> https://github.com/timescale/timescaledb/releases/tag/2.24.0
> https://github.com/timescale/timescaledb/releases/tag/2.25.0
> https://github.com/timescale/timescaledb/releases/tag/2.25.1
> https://github.com/timescale/timescaledb/releases/tag/2.25.2
> 
> As the only direct consumer i know (net/zabbix) works with 2.25.2
> and our in-ports version is months old, we should get this in asap.

committed to -current.

it looks like 7.8-stable would need a zabbix update before we can commit
it there, is that right?

2026-03-05 19:40 Mark Patruck:
databases/timescaledb 2.25.2 (CVE #2026-29089)
- 2026-03-05 21:53 Renato Aguiar:
  databases/timescaledb 2.25.2 (CVE #2026-29089)
- 2026-03-05 23:03 Stuart Henderson:
  databases/timescaledb 2.25.2 (CVE #2026-29089)
- - 2026-03-06 07:58 Mark Patruck:
    databases/timescaledb 2.25.2 (CVE #2026-29089)