-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 25 Dec 2025 19:03:31 +0100
Source: postgresql-17
Architecture: source
Version: 17.7-0+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-17 (17.7-0+deb13u1) trixie; urgency=medium
 .
   * New upstream version 17.7.
 .
     + Check for CREATE privileges on the schema in CREATE STATISTICS
       (Jelte Fennema-Nio)
 .
       This omission allowed table owners to create statistics in any schema,
       potentially leading to unexpected naming conflicts.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2025-12817)
 .
     + Avoid integer overflow in allocation-size calculations within libpq
       (Jacob Champion)
 .
       Several places in libpq were not sufficiently careful about computing
       the required size of a memory allocation. Sufficiently large inputs
       could cause integer overflow, resulting in an undersized buffer, which
       would then lead to writing past the end of the buffer.
 .
       The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies
       for reporting this problem. (CVE-2025-12818)
Checksums-Sha1:
 62880eed049ba9d4b0c5ff058021104b0caa681d 4277 postgresql-17_17.7-0+deb13u1.dsc
 5d67ec142df976adb52eb9e053f341bcdae9192c 21646334 postgresql-17_17.7.orig.tar.bz2
 241128de607316a94ce33f7569f770f7b672246c 28916 postgresql-17_17.7-0+deb13u1.debian.tar.xz
Checksums-Sha256:
 c648dbc8092f1dc92d36d437d2e9a11b1c15dbef89cbf26dd71d4dfc5908a6f2 4277 postgresql-17_17.7-0+deb13u1.dsc
 ef9e343302eccd33112f1b2f0247be493cb5768313adeb558b02de8797a2e9b5 21646334 postgresql-17_17.7.orig.tar.bz2
 19c872ab156451593a11e4de10f72cee0d50119bc2cff8b1148052a2a9c8ce95 28916 postgresql-17_17.7-0+deb13u1.debian.tar.xz
Files:
 60a49ca25df74161e6cfea7bc06e1610 4277 database optional postgresql-17_17.7-0+deb13u1.dsc
 a4fa04d16e511e068736d154ca74752d 21646334 database optional postgresql-17_17.7.orig.tar.bz2
 fc56cab30411dd32848c9dc009cd29bd 28916 database optional postgresql-17_17.7-0+deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----