[Git][security-tracker-team/security-tracker][master] Add upstream commit references for PostgreSQL server fixes

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 12 14:54:23 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4e4e48b by Salvatore Bonaccorso at 2026-02-12T15:53:41+01:00
Add upstream commit references for PostgreSQL server fixes

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,30 +4,42 @@ CVE-2026-2007 [PostgreSQL pg_trgm heap buffer overflow writes pattern onto serve
 	- postgresql-15 <not-affected> (Vulnerable code not present)
 	- postgresql-13 <not-affected> (Vulnerable code not present)
 	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=18548681da38b2376d0c071d568b9d0c1f8b6ad2 (REL_18_2)
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e0965fb1a8550716db08e2183560be3546851647 (REL_18_2)
 CVE-2026-2006 [PostgreSQL missing validation of multibyte character length executes arbitrary code]
 	- postgresql-18 18.2-1
 	- postgresql-17 <removed>
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=df0852fe037246289cc00b4d36da6c1f25ff5844 (REL_18_2)
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=efef05ba995fb2f553c146acb5c33828cc4f898a (REL_18_2)
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7b5fc85bef8a3baa530ec98f89376f9d4b7de83c (REL_18_2)
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b0f5d25bc3679afaed69d367c72efd387c763d04 (REL_18_2)
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b427091947e59788289e80f0ff4279cb7d32dab1 (REL_18_2)
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4543b02af3d3077b8505d533dc51bd51fa47b34a (REL_18_2)
 CVE-2026-2005 [PostgreSQL pgcrypto heap buffer overflow executes arbitrary code]
 	- postgresql-18 18.2-1
 	- postgresql-17 <removed>
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=209f387b81660e478eea147db9130af1d1c861f2 (REL_18_2)
 CVE-2026-2004 [PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code]
 	- postgresql-18 18.2-1
 	- postgresql-17 <removed>
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=66ddac6982c6dc0369dc7b2d251f4d210d704a57 (REL_18_2)
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b69af3dda26104b54d4e728c6946edcc79a8ac61 (REL_18_2)
 CVE-2026-2003 [PostgreSQL oidvector discloses a few bytes of memory]
 	- postgresql-18 18.2-1
 	- postgresql-17 <removed>
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>
 	NOTE: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
+	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3b6588cd902faa967f61f539f057f9b7643cf6a5 (REL_18_2)
 CVE-2026-26081 [BUG/MAJOR: quic: reject invalid token]
 	- haproxy <unfixed>
 	[bookworm] - haproxy <not-affected> (Vulnerable code introduced later)
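
Review bot: In the CVE-2026-2006 entry, the six added "Fixed by" lines carry only the (REL_18_2) tag, so a reader cannot tell which commit holds the multibyte length validation itself and which are supporting changes. A short parenthetical on each line would help anyone triaging a backport. More generally, all twelve added references in this hunk point at REL_18_2 only, while the linked release announcement also covers 17.8, 16.12, 15.16 and 14.21. That is consistent with postgresql-17, -15 and -13 being marked <removed> in the visible entries, but the back-branch commits are not recorded here should they be needed later.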



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4e4e48b4a474c4f7d43c93f2b3bdcba694211f8
