Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:postgresql-17
User: [email protected]
Usertags: unblock
Please unblock package postgresql-17
[ Reason ]
New upstream version, fixes CVE-2025-4207.
[ Tests ]
Extensive upstream and postgresql-common tests.
unblock postgresql-17/17.5-1
postgresql-17 (17.5-1) unstable; urgency=medium
* New upstream version 17.5.
+ Avoid one-byte buffer overread when examining invalidly-encoded strings
that are claimed to be in GB18030 encoding (Noah Misch, Andres Freund)
While unlikely, a SIGSEGV crash could occur if an incomplete multibyte
character appeared at the end of memory. This was possible both in the
server and in libpq-using applications. (CVE-2025-4207)
-- Christoph Berg <[email protected]> Tue, 06 May 2025 17:55:19 +0200
Christoph
