#21553 closed enhancement (fixed)
postgresql-17.5
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version.
Change History (5)
comment:1 by , 9 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 months ago
comment:3 by , 9 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commits
58bff76667 Update to php-8.4.7.
cea2e6f17f Update to postgresql-17.5.
4560912fac Update to libavif-1.3.0.
comment:4 by , 9 months ago
| Priority: | normal → elevated |
|---|
This release contained a security fix:
https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/ announces the release of PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21, all of which include a fix for:

CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation

CVSS v3.1 Base Score: 5.9

Supported, Vulnerable Versions: 13 - 17.

A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.

Release notes are at https://www.postgresql.org/docs/current/release-17-5.html#RELEASE-17-5-CHANGES