-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Nov 2025 13:05:55 +0100
Source: postgresql-18
Architecture: source
Version: 18.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
postgresql-18 (18.1-1) unstable; urgency=medium
.
* New upstream version 18.1.
.
+ Check for CREATE privileges on the schema in CREATE STATISTICS
(Jelte Fennema-Nio)
.
This omission allowed table owners to create statistics in any schema,
potentially leading to unexpected naming conflicts.
.
The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
problem. (CVE-2025-12817)
.
+ Avoid integer overflow in allocation-size calculations within libpq
(Jacob Champion)
.
Several places in libpq were not sufficiently careful about computing
the required size of a memory allocation. Sufficiently large inputs
could cause integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer.
.
The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies
for reporting this problem. (CVE-2025-12818)
.
* Handle EPERM in pg_numa_init.
* Test-Depend on postgresql-common-dev.
Checksums-Sha1:
ab6ce05bf69f5c6c52687ed3379040cf9c899eed 4443 postgresql-18_18.1-1.dsc
641b6111da2e6edb88fdf811c5591e53ec23c64e 22423920 postgresql-18_18.1.orig.tar.bz2
381173be1b43d51fd62ea7742b11e2b49bb416c6 23716 postgresql-18_18.1-1.debian.tar.xz
Checksums-Sha256:
c5982f041cec2e2540dadea2fee90092f465d0606a2f8790c2691f4f498bb746 4443 postgresql-18_18.1-1.dsc
ff86675c336c46e98ac991ebb306d1b67621ece1d06787beaade312c2c915d54 22423920 postgresql-18_18.1.orig.tar.bz2
8f1d8ad43fb5ccf9f3329118602bd1ef5866633c6844b0233313cee0425772a9 23716 postgresql-18_18.1-1.debian.tar.xz
Files:
97bb4a1beb8d0ca488202563e4a1a74a 4443 database optional postgresql-18_18.1-1.dsc
32f047dc587bbc90a4f68ea7b903485d 22423920 database optional postgresql-18_18.1.orig.tar.bz2
13a8901818ccfbf20ce1dd0419dccddc 23716 database optional postgresql-18_18.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXEj+YVf0kXlZcIfGTFprqxLSp64FAmkVpu4ACgkQTFprqxLS
p67jdBAAhfU6O6iUdIwbJW+7++dsXhV3RYJfoEYAK2Ouh5QA+rh55Mtrv/k2i8SW
bOYyg03h0J8lT7pRY0VVCFN1RjYjvQw84dqIaCkWvXFJSLkhRb8vdaO5rwfOFfv3
mvSqEn2pErwg9QsCXZ3bFG+9kYvo4Xo+PeMd5z2J/B0ondhmdlDEu/6k9cvlrjnK
EByRsRwdcMCgnxDBQybXxENvD8rMuBkQ2PKum2iMHBG3K9VuUNOn9ND/IJV/xEdy
bKSD9VViOkO5gOR3wGDr05hNIpTv6alijqN6wpn/JslfTZzQ/BKlFvZBCRm1u4P/
IBGAaH0K9NFUJkKdIvYf06kyD1yW/Wqyo+lU0uUmgfJgd+mN1+Ip9k4yzAPnCy4b
OuU5O4OZiHx/JfwMJYgDzc9zPnyxMIMgT6hWl8jzo3jrfEDrEOm2w9i3YqC9pXuY
CFxJAmk9yWUHSLjl1dmzRjeLqEcay4gj5KRvNOlC55rg+Kn/rFA+EicAbUOjXsYD
wPtMnK/XXc/Hw3xE2/S8ClHWd1T6Cx96ob/bn+6MblhBHaG3zrRmZcdNpsj2DZaV
zUIaZFgY6hJqHpziRbK+RjcEZKarZQkhOCtyTsgB/fCOXCQ7mQNptk6YpC4UCnTT
LCB5pZmy0lPQ2J6itun7zqHNYTE4QsEpo8WkW8L8McbDMUjGg6U=
=i9n7
-----END PGP SIGNATURE-----
