Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted postgresql-17 17.5-1 (source) into unstable
Date: Thu, 08 May 2025 20:36:29 +0000
Signed by: Christoph Berg <myon@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 May 2025 17:55:19 +0200
Source: postgresql-17
Architecture: source
Version: 17.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-17 (17.5-1) unstable; urgency=medium
 .
   * New upstream version 17.5.
 .
     + Avoid one-byte buffer overread when examining invalidly-encoded strings
       that are claimed to be in GB18030 encoding (Noah Misch, Andres Freund)
 .
       While unlikely, a SIGSEGV crash could occur if an incomplete multibyte
       character appeared at the end of memory.  This was possible both in the
       server and in libpq-using applications. (CVE-2025-4207)
Checksums-Sha1:
 34f9a51418ea0f60785269b01bf2841ece670eca 4245 postgresql-17_17.5-1.dsc
 f1eb8ae6e058092dda426b03d253194387ee302b 21595174 postgresql-17_17.5.orig.tar.bz2
 0b5d56673b2ee54c5a79d854ef4420dec7b05ea1 27596 postgresql-17_17.5-1.debian.tar.xz
Checksums-Sha256:
 0306e93dd642d752db7dc52152d2a19f57c4f3d0527283d4d0bc78f7aedc092b 4245 postgresql-17_17.5-1.dsc
 fcb7ab38e23b264d1902cb25e6adafb4525a6ebcbd015434aeef9eda80f528d8 21595174 postgresql-17_17.5.orig.tar.bz2
 15359d6bb2a5d515de9cd0d0ff5ac5fefd645d38b111e2deffac53be8ef16d11 27596 postgresql-17_17.5-1.debian.tar.xz
Files:
 3daf15438665c89ef0ffd325a76ada28 4245 database optional postgresql-17_17.5-1.dsc
 8831df48f22433ef3a3b53d20b47acea 21595174 database optional postgresql-17_17.5.orig.tar.bz2
 b711536b563059d53ac0afcfb85f89af 27596 database optional postgresql-17_17.5-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmgdDYIACgkQTFprqxLS
p66gLw//QJJOg/vD5S0J9zg2BYVCuDA/xqzU7I5m8sNcodGARWu8D2+LXkLOG9qQ
ed1bac6jmp442N5ZVXZmFWuk5l6j/XBFoTTb2BgFdCyMe822RtNPXFB/Ik+GOQjR
x5a2MDI/uqaLhc9bD8rM42svJQW5wifTqHx1pDwaFZ4uc76Cs8W8Z0fO5QpzNjbv
Y2lbx5uje6JJXLu3PPZfq2IvF53f9KH9kzJGLP3X5PLuFAt7kwCt87437SRSQCUQ
F/M+HkhoXyhQQykWyqTaxJypjJzcPBOHQBF7wh6a4dEc+HmgajwFnMgzwxINWIT+
iwJlM1BvpIZDAlgfJkf2EN7q5eP6DqmihmEADzPazZt/2H8Kw2YE8V6AVBiFTrcE
WwNZAAZ4xOOIDp8cBF8iapaYvTcPuTYyAfwZW1wR9kSAi57nLfsLYnPTPQ8/dy2s
pWNCZ3kWKQ2dshEVQ+gIyrfBG2jlQ8lEjMHJ44eaqHCk/aQrG1QvcDKllNFWYlme
wgMywlBcvaOxadGHWm2g/WVPOeJjNkk1pV2z4HJpeMx/MFsdRMVP3IeJ/8oXAO5P
V9QYso1IwXHMUA/Td0eP1lXnCjkxXIJca/ZFC81bLcJmKFGZfdCRA3P0559dUdDG
wPwhWw/8Jr9xEYeDbJsYqmY9CxjnmYM/zbZeZf09Y7m9r5qGuqk=
=6g7n
-----END PGP SIGNATURE-----

News for package postgresql-17