As per https://www.postgresql.org/about/news/out-of-cycle-release- scheduled-for-february-26-2026-3241/, we are going to wait the releases next week to address this one.
** Summary changed: - New PostgreSQL upstream microreleases 14.21, 16.12, and 17.8 + New PostgreSQL upstream microreleases 14.22, 16.13, and 17.9 ** Description changed: [Impact] * MRE for latest stable fixes of Postgres 14, 16, and 17 released in - February 2026. + February 2026. This will include the hotfixes also released in February, + as discussed in https://www.postgresql.org/about/news/out-of-cycle- + release-scheduled-for-february-26-2026-3241/. [Test Case] * The Postgres MREs traditionally rely on the large set of autopkgtests to run for verification. In a PPA, those are all already pre-checked to be good for this upload. [Regression Potential] * Upstream tests are usually great and in addition in the Archive there are plenty of autopkgtests that in the past caught issues before being released. But nevertheless there always is a risk for something to break. Since these are general stable releases I can't pinpoint them to a most-likely area. - usually this works smoothly except a few test hiccups (flaky) that need to be clarified to be sure. Pre-checks will catch those to be discussed upfront (as last time) [Other Info] * This is a reoccurring MRE, see below and all the references * CVEs addressed by this MRE: - CVE-2026-2003 - CVE-2026-2004 - - CVE-2026-2005 - - CVE-2026-2006 - - CVE-2026-2007 + - CVE-2026-2005 + - CVE-2026-2006 + - CVE-2026-2007 Current versions in supported releases that got updates: postgresql-14 | 14.20-0ubuntu0.22.04.1 | jammy-security | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x postgresql-16 | 16.11-0ubuntu0.24.04.1 | noble-security | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x postgresql-17 | 17.7-0ubuntu0.25.10.1 | questing-security | source, amd64, arm64, armhf, i386, ppc64el, riscv64, s390x Special cases: - Since there are 5 CVEs being fixed here, we will push these MREs through the security pocket. - resolute already got this new release for postgresql-18 (currently in proposed) Standing MRE - Consider last updates as template: - https://pad.lv/1637236 - https://pad.lv/1664478 - https://pad.lv/1690730 - https://pad.lv/1713979 - https://pad.lv/1730661 - https://pad.lv/1747676 - https://pad.lv/1752271 - https://pad.lv/1786938 - https://pad.lv/1815665 - https://pad.lv/1828012 - https://pad.lv/1833211 - https://pad.lv/1839058 - https://pad.lv/1863108 - https://pad.lv/1892335 - https://pad.lv/1915254 - https://pad.lv/1928773 - https://pad.lv/1939396 - https://pad.lv/1950268 - https://pad.lv/1961127 - https://pad.lv/1973627 - https://pad.lv/1978249 - https://pad.lv/1984012 - https://pad.lv/1996770 - https://pad.lv/2006406 - https://pad.lv/2019214 - https://pad.lv/2028426 - https://pad.lv/2040469 - https://pad.lv/2067388 - https://pad.lv/2076183 - https://pad.lv/2085196 - https://pad.lv/2099900 - https://pad.lv/2110377 - https://pad.lv/2112531 - https://pad.lv/2127667 As usual we test and prep from the PPA and then push through SRU/Security as applicable. Once ready, the test packages should be available at https://launchpad.net/~canonical-server/+archive/ubuntu/postgresql-sru- preparation/+packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2127668 Title: New PostgreSQL upstream microreleases 14.22, 16.13, and 17.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postgresql-14/+bug/2127668/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
