From 6c4fa5432f3f040cc16fca870f0382939ae2817b Mon Sep 17 00:00:00 2001
From: Nils Vogels <n.vogels@aves-it.nl>
Date: Thu, 11 Feb 2021 12:03:07 +0100
Subject: [PATCH 1/2] Provide fix in postgresql container for CVE-2021-23240,
 CVE-2021-3156, CVE-2021-23239

---
 optional/postgresql/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/optional/postgresql/Dockerfile b/optional/postgresql/Dockerfile
index 95048147..ff25a66f 100644
--- a/optional/postgresql/Dockerfile
+++ b/optional/postgresql/Dockerfile
@@ -3,6 +3,7 @@ FROM $DISTRO
 # python3 shared with most images
 RUN apk add --no-cache \
     python3 py3-pip bash py3-multidict \
+  && apk add --upgrade sudo \
   && pip3 install --upgrade pip
 
 # Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, rainloop, roundcube

From 3b7ecb3a8b4c466ad2f37276107bb49efe978758 Mon Sep 17 00:00:00 2001
From: Nils Vogels <n.vogels@aves-it.nl>
Date: Thu, 11 Feb 2021 12:12:06 +0100
Subject: [PATCH 2/2] Add changelog

---
 towncrier/newsfragments/1760.bugfix | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 towncrier/newsfragments/1760.bugfix

diff --git a/towncrier/newsfragments/1760.bugfix b/towncrier/newsfragments/1760.bugfix
new file mode 100644
index 00000000..9d6f38af
--- /dev/null
+++ b/towncrier/newsfragments/1760.bugfix
@@ -0,0 +1,2 @@
+Fix CVE-2021-23240, CVE-2021-3156 and CVE-2021-23239 for postgresql
+by force-upgrading sudo.