Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f4e4e48b by Salvatore Bonaccorso at 2026-02-12T15:53:41+01:00
Add upstream commit references for PostgreSQL server fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,30 +4,42 @@ CVE-2026-2007 [PostgreSQL pg_trgm heap buffer overflow writes
pattern onto serve
- postgresql-15 <not-affected> (Vulnerable code not present)
- postgresql-13 <not-affected> (Vulnerable code not present)
NOTE:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=18548681da38b2376d0c071d568b9d0c1f8b6ad2
(REL_18_2)
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e0965fb1a8550716db08e2183560be3546851647
(REL_18_2)
CVE-2026-2006 [PostgreSQL missing validation of multibyte character length
executes arbitrary code]
- postgresql-18 18.2-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=df0852fe037246289cc00b4d36da6c1f25ff5844
(REL_18_2)
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=efef05ba995fb2f553c146acb5c33828cc4f898a
(REL_18_2)
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7b5fc85bef8a3baa530ec98f89376f9d4b7de83c
(REL_18_2)
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b0f5d25bc3679afaed69d367c72efd387c763d04
(REL_18_2)
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b427091947e59788289e80f0ff4279cb7d32dab1
(REL_18_2)
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4543b02af3d3077b8505d533dc51bd51fa47b34a
(REL_18_2)
CVE-2026-2005 [PostgreSQL pgcrypto heap buffer overflow executes arbitrary
code]
- postgresql-18 18.2-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=209f387b81660e478eea147db9130af1d1c861f2
(REL_18_2)
CVE-2026-2004 [PostgreSQL intarray missing validation of type of input to
selectivity estimator executes arbitrary code]
- postgresql-18 18.2-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=66ddac6982c6dc0369dc7b2d251f4d210d704a57
(REL_18_2)
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b69af3dda26104b54d4e728c6946edcc79a8ac61
(REL_18_2)
CVE-2026-2003 [PostgreSQL oidvector discloses a few bytes of memory]
- postgresql-18 18.2-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+ NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3b6588cd902faa967f61f539f057f9b7643cf6a5
(REL_18_2)
CVE-2026-26081 [BUG/MAJOR: quic: reject invalid token]
- haproxy <unfixed>
[bookworm] - haproxy <not-affected> (Vulnerable code introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4e4e48b4a474c4f7d43c93f2b3bdcba694211f8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4e4e48b4a474c4f7d43c93f2b3bdcba694211f8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
