-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 25 Dec 2025 19:12:28 +0100 Source: postgresql-13 Architecture: source Version: 13.23-0+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers <[email protected]> Changed-By: Christoph Berg <[email protected]> Changes: postgresql-13 (13.23-0+deb11u1) bullseye-security; urgency=medium . * New upstream version 13.23. . This is expected to be the last PostgreSQL release in the 13.X series. Users are encouraged to update to a newer release branch soon. . + Check for CREATE privileges on the schema in CREATE STATISTICS (Jelte Fennema-Nio) . This omission allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. . The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this problem. (CVE-2025-12817) . + Avoid integer overflow in allocation-size calculations within libpq (Jacob Champion) . Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. . The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies for reporting this problem. (CVE-2025-12818) Checksums-Sha1: 3dcf06909111b06a213ed925eef077c69da23a6b 3703 postgresql-13_13.23-0+deb11u1.dsc 25e217f0c7bbc3150b4632eabdf77eb539a99719 21767253 postgresql-13_13.23.orig.tar.bz2 5639a2d9a75186c7e6c9eb3b015d4cf3b0110167 37416 postgresql-13_13.23-0+deb11u1.debian.tar.xz Checksums-Sha256: 76dc707467d02e4881849f7c432140f2678ff52cf10c51f4716cd470ce1ce180 3703 postgresql-13_13.23-0+deb11u1.dsc 6ec3c82726af92b7dec873fa1cdf881eca92a4219787dfad05acb6b10e041fd6 21767253 postgresql-13_13.23.orig.tar.bz2 bb5559329b6a7f19d1f9897c7c16b3ef8e3bfb1c8d279c790be62e2bcf3d2415 37416 postgresql-13_13.23-0+deb11u1.debian.tar.xz Files: dc7a613f42f3c6008b7605a693bb77f0 3703 database optional postgresql-13_13.23-0+deb11u1.dsc 4de7d4f52885953694620937a6e834be 21767253 database optional postgresql-13_13.23.orig.tar.bz2 45a0caf5b39fc117f5910da379337801 37416 database optional postgresql-13_13.23-0+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmlNft0ACgkQTFprqxLS p67O6g//cn3gm3VZvSofsD7TEx5apIcQ9YXnsaEh88ZAZ+fGUgI7nANhRo+zxKH6 uODDTFNwqltezpETj9l/kY+flC/hZzZNin46kW5XvxeTHHlpqIGTpGqiRNz138xa g8ZmXCqanF3vAiugt729TcLARw9aVuNpvJKfscqVQ3vQ6njaCyXzDR4rI37XsBL8 niPvLdWXGtWaCUY+FCLydJk6mcBjArOFn6O0HtKxUXW+eElLeBVyBUlIjJktzk2m uNoX2TBsTZaYfVPJPctAjLYNqkNltMDFevJbOZQwuBH+ZK3rHIgE0IJq5gBwrhyU qPktA3Q75+1nwGoXsydSrhZ2K4uoWH4AV17LmSJbLWvWvaTAk/QM4YOQOZxWG+Qz WelB7dzP+suw3AJKc8hf024HSDIU7OjIZecnh9+L3WzYkUTToPHBcyNd/HMhml+k zJrnbgiB+yPHQL1E5wFhLMDs7XL+H9i8J9wDYVI+3ioERgFiwzNmriSIkm46IRGN Ax5H8hSTAz3/kgHRhmulTpg5xIs3Rp2efiJf5yGmHpS/wxT1Nx2dFwOMjC3sTyfJ 7XqxgKpQ+ujuIpKKTbKwdVBJo2ZKPnq9GSO+zz1ca1gD/20mRh0Rz4eQLN/aU9oM pASDMfcdZDE9C1Ann6cUCElG29M84+4Y35gD+Udm33AIBh4lUjc= =O0vG -----END PGP SIGNATURE-----
pgp_9xmkMLs_5.pgp
Description: PGP signature
