-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 25 Dec 2025 19:12:28 +0100
Source: postgresql-13
Architecture: source
Version: 13.23-0+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Changes:
 postgresql-13 (13.23-0+deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 13.23.
 .
     This is expected to be the last PostgreSQL release in the 13.X series.
     Users are encouraged to update to a newer release branch soon.
 .
     + Check for CREATE privileges on the schema in CREATE STATISTICS
       (Jelte Fennema-Nio)
 .
       This omission allowed table owners to create statistics in any schema,
       potentially leading to unexpected naming conflicts.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2025-12817)
 .
     + Avoid integer overflow in allocation-size calculations within libpq
       (Jacob Champion)
 .
       Several places in libpq were not sufficiently careful about computing
       the required size of a memory allocation. Sufficiently large inputs
       could cause integer overflow, resulting in an undersized buffer, which
       would then lead to writing past the end of the buffer.
 .
       The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies
       for reporting this problem. (CVE-2025-12818)
Checksums-Sha1:
3dcf06909111b06a213ed925eef077c69da23a6b 3703 postgresql-13_13.23-0+deb11u1.dsc
25e217f0c7bbc3150b4632eabdf77eb539a99719 21767253 postgresql-13_13.23.orig.tar.bz2
5639a2d9a75186c7e6c9eb3b015d4cf3b0110167 37416 postgresql-13_13.23-0+deb11u1.debian.tar.xz
Checksums-Sha256:
76dc707467d02e4881849f7c432140f2678ff52cf10c51f4716cd470ce1ce180 3703 postgresql-13_13.23-0+deb11u1.dsc
6ec3c82726af92b7dec873fa1cdf881eca92a4219787dfad05acb6b10e041fd6 21767253 postgresql-13_13.23.orig.tar.bz2
bb5559329b6a7f19d1f9897c7c16b3ef8e3bfb1c8d279c790be62e2bcf3d2415 37416 postgresql-13_13.23-0+deb11u1.debian.tar.xz
Files:
dc7a613f42f3c6008b7605a693bb77f0 3703 database optional postgresql-13_13.23-0+deb11u1.dsc
4de7d4f52885953694620937a6e834be 21767253 database optional postgresql-13_13.23.orig.tar.bz2
45a0caf5b39fc117f5910da379337801 37416 database optional postgresql-13_13.23-0+deb11u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----