[ubuntu/plucky-security] postgresql-17 17.7-0ubuntu0.25.04.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Dec 3 13:42:24 UTC 2025
postgresql-17 (17.7-0ubuntu0.25.04.1) plucky-security; urgency=medium
* New upstream version (LP: #2127667).
+ A dump/restore is not required for those running 17.X.
+ However, if you are upgrading from a version earlier than 17.6, see
those release notes as well please.
+ Check for CREATE privileges on the schema in CREATE STATISTICS (Jelte
Fennema-Nio)
This omission allowed table owners to create statistics in any schema,
potentially leading to unexpected naming conflicts. (CVE-2025-12817)
+ Avoid integer overflow in allocation-size calculations within libpq
(Jacob Champion)
Several places in libpq were not sufficiently careful about computing
the required size of a memory allocation. Sufficiently large inputs
could cause integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer. (CVE-2025-12818)
+ Details about these and many further changes can be found at:
https://www.postgresql.org/docs/17/release-17-7.html.
* d/postgresql-17.NEWS: Update NEWS file.
Date: 2025-12-02 13:15:07.659000+00:00
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-17/17.7-0ubuntu0.25.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list