Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b0aa0b1b by Salvatore Bonaccorso at 2026-02-12T15:48:30+01:00
Add new PostgreSQL issues

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@ +CVE-2026-2007 [PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory] + - postgresql-18 18.2-1 + - postgresql-17 <not-affected> (Vulnerable code not present) + - postgresql-15 <not-affected> (Vulnerable code not present) + - postgresql-13 <not-affected> (Vulnerable code not present) + NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ +CVE-2026-2006 [PostgreSQL missing validation of multibyte character length executes arbitrary code] + - postgresql-18 18.2-1 + - postgresql-17 <removed> + - postgresql-15 <removed> + - postgresql-13 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ +CVE-2026-2005 [PostgreSQL pgcrypto heap buffer overflow executes arbitrary code] + - postgresql-18 18.2-1 + - postgresql-17 <removed> + - postgresql-15 <removed> + - postgresql-13 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ +CVE-2026-2004 [PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code] + - postgresql-18 18.2-1 + - postgresql-17 <removed> + - postgresql-15 <removed> + - postgresql-13 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ +CVE-2026-2003 [PostgreSQL oidvector discloses a few bytes of memory] + - postgresql-18 18.2-1 + - postgresql-17 <removed> + - postgresql-15 <removed> + - postgresql-13 <removed> + NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ CVE-2026-26081 [BUG/MAJOR: quic: reject invalid token] - haproxy <unfixed> [bookworm] - haproxy <not-affected> (Vulnerable code introduced later) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0aa0b1bb43e293aaa7e6436154a046bdb11484f -- View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0aa0b1bb43e293aaa7e6436154a046bdb11484f
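Review bot: All five new PostgreSQL entries (CVE-2026-2003 through CVE-2026-2007) carry only the same NOTE, the combined release announcement, so none of them records a per-CVE advisory or the upstream fixing commit. Adding a NOTE with the fixing commit to each entry would let the postgresql-17, postgresql-15 and postgresql-13 lines, which are marked <removed> with no fixed version, be checked against the corresponding branch. For CVE-2026-2007 the <not-affected> reason "Vulnerable code not present" would also be easier to verify with a NOTE naming the commit or version that introduced the pg_trgm code, since the claim covers three source packages.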
