[Git][security-tracker-team/security-tracker][master] Add new PostgreSQL issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 12 14:48:58 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0aa0b1b by Salvatore Bonaccorso at 2026-02-12T15:48:30+01:00
Add new PostgreSQL issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2026-2007 [PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory]
+	- postgresql-18 18.2-1
+	- postgresql-17 <not-affected> (Vulnerable code not present)
+	- postgresql-15 <not-affected> (Vulnerable code not present)
+	- postgresql-13 <not-affected> (Vulnerable code not present)
+	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+CVE-2026-2006 [PostgreSQL missing validation of multibyte character length executes arbitrary code]
+	- postgresql-18 18.2-1
+	- postgresql-17 <removed>
+	- postgresql-15 <removed>
+	- postgresql-13 <removed>
+	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+CVE-2026-2005 [PostgreSQL pgcrypto heap buffer overflow executes arbitrary code]
+	- postgresql-18 18.2-1
+	- postgresql-17 <removed>
+	- postgresql-15 <removed>
+	- postgresql-13 <removed>
+	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+CVE-2026-2004 [PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code]
+	- postgresql-18 18.2-1
+	- postgresql-17 <removed>
+	- postgresql-15 <removed>
+	- postgresql-13 <removed>
+	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+CVE-2026-2003 [PostgreSQL oidvector discloses a few bytes of memory]
+	- postgresql-18 18.2-1
+	- postgresql-17 <removed>
+	- postgresql-15 <removed>
+	- postgresql-13 <removed>
+	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
 CVE-2026-26081 [BUG/MAJOR: quic: reject invalid token]
 	- haproxy <unfixed>
 	[bookworm] - haproxy <not-affected> (Vulnerable code introduced later)
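Review bot: the three `<not-affected> (Vulnerable code not present)` lines under CVE-2026-2007 have no NOTE recording which upstream change or version introduced the affected pg_trgm code, so the claim for postgresql-17, postgresql-15 and postgresql-13 cannot be checked from the entry itself. A NOTE naming the introducing commit or version would fix that. All five new entries also cite only the same release-announcement URL. Separate NOTE lines pointing at each CVE's upstream advisory and fix commit would make later triage of the branches marked `<removed>` easier.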



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0aa0b1bb43e293aaa7e6436154a046bdb11484f
