Format: 1.8
Date: Tue, 31 Mar 2026 10:06:10 +0200
Source: postgresql-13
Architecture: source
Version: 13.23-0+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>
Changed-By: Jochen Sprickerhof <jspricke@debian.org>
Changes:
 postgresql-13 (13.23-0+deb11u2) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2026-2003: Improper validation of type "oidvector" in
     PostgreSQL allows a database user to disclose a few bytes of server
     memory. We have not ruled out viability of attacks that arrange for
     presence of confidential information in disclosed bytes, but they
     seem unlikely.
   * Fix CVE-2026-2004: Missing validation of type of input in PostgreSQL
     intarray extension selectivity estimator function allows an object
     creator to execute arbitrary code as the operating system user
     running the database.
   * Fix CVE-2026-2005: Heap buffer overflow in PostgreSQL pgcrypto allows
     a ciphertext provider to execute arbitrary code as the operating
     system user running the database.
   * Fix CVE-2026-2006: Missing validation of multibyte character length
     in PostgreSQL text manipulation allows a database user to issue
     crafted queries that achieve a buffer overrun. That suffices to
     execute arbitrary code as the operating system user running the
     database.