We need to backport the updated postgresql-15 to 5.0-10.

+++ This bug was initially created as a clone of Bug #58291 +++

New Debian postgresql-15 15.13-0+deb12u1A~5.2.1.202505191416 fixes:

This update addresses the following issue:

15.13-0+deb12u1 (Tue, 06 May 2025 17:55:19 +0200)

 * New upstream version 15.13.

 + Avoid one-byte buffer overread when examining invalidly-encoded strings that are claimed to be in GB18030 encoding (Noah Misch, Andres Freund)

 While unlikely, a SIGSEGV crash could occur if an incomplete multibyte character appeared at the end of memory. This was possible both in the server and in libpq-using applications. (CVE-2025-4207)
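The overread class named in the changelog entry above, reduced to its essence as an added example (this is not PostgreSQL's code and does not reproduce its encoding-verification routine): a GB18030 sequence-length check that is told how many bytes are actually left in the buffer and reports a lone lead byte at the end as a truncated sequence instead of reading the byte after it. The byte ranges are those of the GB18030 standard; `gb18030_seq_len`, `gb18030_validate` and the sample buffers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not PostgreSQL's code.
 *
 * GB18030 byte layout (from the standard, not from the bug report):
 *   1 byte : 0x00-0x7F
 *   2 bytes: lead 0x81-0xFE, trail 0x40-0x7E or 0x80-0xFE
 *   4 bytes: lead 0x81-0xFE, 0x30-0x39, 0x81-0xFE, 0x30-0x39
 */

/* Length of the sequence starting at s, or 0 if it is invalid or
 * truncated. `remaining` is the number of bytes that really exist
 * from s onwards; the function never touches s[remaining] or beyond. */
size_t gb18030_seq_len(const unsigned char *s, size_t remaining)
{
    if (remaining == 0) return 0;
    if (s[0] <= 0x7F) return 1;
    if (s[0] < 0x81 || s[0] == 0xFF) return 0;   /* not a valid lead byte */

    /* The bug class fixed in 15.13 is a check that inspects s[1] at this
     * point without first knowing that a second byte exists. With a lead
     * byte as the last byte of an allocation that is a one-byte overread. */
    if (remaining < 2) return 0;                  /* truncated after lead byte */

    if ((s[1] >= 0x40 && s[1] <= 0x7E) || (s[1] >= 0x80 && s[1] <= 0xFE))
        return 2;

    if (s[1] >= 0x30 && s[1] <= 0x39) {
        if (remaining < 4) return 0;              /* truncated 4-byte form */
        if (s[2] >= 0x81 && s[2] <= 0xFE && s[3] >= 0x30 && s[3] <= 0x39)
            return 4;
    }
    return 0;                                      /* invalid trail byte(s) */
}

/* Walk a buffer of exactly `len` bytes (no NUL terminator assumed).
 * Returns the number of well-formed characters, or -1 at the first
 * invalid or truncated sequence. */
long gb18030_validate(const unsigned char *buf, size_t len)
{
    long chars = 0;
    size_t i = 0;
    while (i < len) {
        size_t n = gb18030_seq_len(buf + i, len - i);
        if (n == 0) return -1;
        i += n;
        chars++;
    }
    return chars;
}

int main(void)
{
    /* Constructed inputs: "\xb0\xa1" is a two-byte character; the last
     * buffer ends in a lone lead byte, the case that used to overread. */
    const unsigned char ok[]        = "ab\xb0\xa1";
    const unsigned char four[]      = "\x81\x30\x81\x30";
    const unsigned char truncated[] = "abc\xb0";
    printf("ok=%ld four=%ld truncated=%ld\n",
           gb18030_validate(ok, 4), gb18030_validate(four, 4),
           gb18030_validate(truncated, 4));
    return 0;
}
```

The length is passed explicitly rather than relying on a terminating NUL because the inputs that triggered the crash were not NUL-terminated at the point where the lead byte sat at the end of memory; whatever calls the check has to know the real buffer size.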
> repo_admin.py --cherrypick --release 5.2-0 --source errata5.2-1 --releasedest 5.0-0 --dest errata5.0-10 --package postgresql-15
A patch has been found and merged
Cherry picked package postgresql-15[174127] version 15.13-0+deb12u1 from 5.2[85]/errata5.2-1[715] to 5.0[83]/errata5.0-10[713]

Adjusted ucs-patches: 404844619 | patch merged manually:
- from ucs_5.0-0-errata5.0-10/15.10-0+deb12u1/01_backport_to_buster.patch
- somehow repo-ng picked 15.12-0+deb12u2/00_version_bump.patch instead, removed

> build-package-ng -p postgresql-15 -r 5.0 -s errata5.0-10 \
> -v '15.13-0+deb10u1A~5.0.0.202505222124'
Package: postgresql-15
Version: 15.13-0+deb10u1A~5.0.0.202505222124
Branch: 5.0-0
Scope: errata5.0-10
f8e69f3d8b7 | Advisory
--- mirror/ftp/pool/main/p/postgresql-15/postgresql-15_15.12-0+deb10u2A~5.0.0.202504011628.dsc +++ apt/ucs_5.0-0-errata5.0-10/source/postgresql-15_15.13-0+deb10u1A~5.0.0.202505222124.dsc @@ -1,12 +1,23 @@ -15.12-0+deb10u2A~5.0.0.202504011628 [Tue, 01 Apr 2025 16:35:54 -0000] Univention builddaemon <buildd@univention.de>: +15.13-0+deb10u1A~5.0.0.202505222124 [Thu, 22 May 2025 21:23:57 -0000] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01_backport_to_buster.patch -15.10-0+deb10u1 [Thu, 06 Mar 2025 11:38:37 +0100] Christoph Berg <myon@debian.org>: +15.10-0+deb10u1 [Tue, 06 May 2025 17:55:19 +0200] Christoph Berg <myon@debian.org>: * Bug #57779: Backport to UCS 5.0-9 -postgresql-15 (15.12-0+deb12u2) bookworm; urgency=medium +postgresql-15 (15.13-0+deb12u1) bookworm; urgency=medium + + * New upstream version 15.13. + + + Avoid one-byte buffer overread when examining invalidly-encoded strings + that are claimed to be in GB18030 encoding (Noah Misch, Andres Freund) + + While unlikely, a SIGSEGV crash could occur if an incomplete multibyte + character appeared at the end of memory. This was possible both in the + server and in libpq-using applications. (CVE-2025-4207) + +15.12-0+deb12u2 [Thu, 06 Mar 2025 11:38:37 +0100] Christoph Berg <myon@debian.org>: * Grab base.tar.zst from failing 010_client_untar test on mipsel. <http://piuparts.knut.univention.de/5.0-10/#8729777536760517925>
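Review bot: the changelog entry carried by 01_backport_to_buster.patch still reads `15.10-0+deb10u1 ... * Bug #57779: Backport to UCS 5.0-9` and only its timestamp changes (to Tue, 06 May 2025 17:55:19 +0200, the same timestamp as the Debian 15.13-0+deb12u1 upload), while the package being built is 15.13-0+deb10u1A~5.0.0.202505222124; so the changelog has no 15.13-0+deb10u1 entry describing this backport, and the entry it does have names the previous bug and release. Suggest adjusting the patch so the entry reads `15.13-0+deb10u1`, references this bug and UCS 5.0-10, and carries a timestamp later than the 15.13-0+deb12u1 entry it sits above, so that the version and date order of the changelog stays consistent with what dpkg-genchanges and the advisory will show.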
We did a manual upgrade test
 * from UCS 5.0-10 Keycloak 26 and postgresql-15 (this version here)
 * to UCS 5.2-1

For the postgresql-15 backport (Bug #57779) we did apt-pinning for UCS 5.1-0, so one sees messages like these in the updater.log (sorry, German, but you get the gist):

> dpkg: Warnung: Version 15.13-0+deb10u1A~5.0.0.202505222124 des Paketes postgresql-15 wird durch ältere Version 15.10-0+deb11u1A~5.1.0.202412161548 ersetzt
> Vorbereitung zum Entpacken von .../200-postgresql-15_15.10-0+deb11u1A~5.1.0.202412161548_amd64.deb ...
> Entpacken von postgresql-15 (15.10-0+deb11u1A~5.1.0.202412161548) über (15.13-0+deb10u1A~5.0.0.202505222124) ...
> Vorbereitung zum Entpacken von .../201-postgresql-client_15+248A~5.1.0.202412031601_all.deb ...

That's ok and expected.
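Why dpkg calls the 5.0-10 build the newer one and flags the pinned 5.1-0 package as a downgrade: the code below is an added example, a re-implementation of the Debian version ordering described in deb-version(7); it is neither dpkg's code nor part of this bug report, and `order`, `verrevcmp`, `parse` and `dpkg_compare` are names chosen for the illustration. The two strings in `main` are the versions from the updater.log lines above; the assertions also cover the other version pairs that occur in this bug (the cherry-picked 15.13 over the previous 15.12 build, and the UCS `A~` suffix against the plain Debian revision).

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not dpkg's code: Debian version ordering per deb-version(7). */

/* Sort weight of a character inside a non-digit run: '~' sorts before the
 * end of the string, letters before every other non-digit character. */
static int order(unsigned char c)
{
    if (c == '~') return -1;
    if (c == '\0' || isdigit(c)) return 0;
    if (isalpha(c)) return c;
    return c + 256;
}

/* Compare two version fragments (upstream part or Debian revision) as an
 * alternation of non-digit runs (lexical, with order() weights) and digit
 * runs (numeric, leading zeros ignored). <0, 0, >0 like strcmp. */
static int verrevcmp(const char *a, size_t alen, const char *b, size_t blen)
{
    const char *ae = a + alen, *be = b + blen;
    while (a < ae || b < be) {
        int first_diff = 0;
        while ((a < ae && !isdigit((unsigned char)*a)) ||
               (b < be && !isdigit((unsigned char)*b))) {
            int ac = a < ae ? order((unsigned char)*a) : 0;
            int bc = b < be ? order((unsigned char)*b) : 0;
            if (ac != bc) return ac - bc;
            a++; b++;
        }
        while (a < ae && *a == '0') a++;
        while (b < be && *b == '0') b++;
        while (a < ae && isdigit((unsigned char)*a) &&
               b < be && isdigit((unsigned char)*b)) {
            if (!first_diff) first_diff = *a - *b;
            a++; b++;
        }
        if (a < ae && isdigit((unsigned char)*a)) return 1;   /* a has more digits */
        if (b < be && isdigit((unsigned char)*b)) return -1;  /* b has more digits */
        if (first_diff) return first_diff;
    }
    return 0;
}

/* [epoch:]upstream[-revision]; the revision starts at the LAST '-'. */
struct debver { long epoch; const char *up; size_t uplen; const char *rev; size_t revlen; };

static struct debver parse(const char *v)
{
    struct debver d;
    const char *colon = strchr(v, ':');
    const char *dash;
    d.epoch = 0;
    if (colon) { d.epoch = strtol(v, NULL, 10); v = colon + 1; }
    dash = strrchr(v, '-');
    d.up = v;
    if (dash) { d.uplen = (size_t)(dash - v); d.rev = dash + 1; d.revlen = strlen(d.rev); }
    else      { d.uplen = strlen(v);          d.rev = "";       d.revlen = 0; }
    return d;
}

/* Returns -1 if a is older than b, 0 if equal, 1 if a is newer. */
int dpkg_compare(const char *a, const char *b)
{
    struct debver da = parse(a), db = parse(b);
    int r;
    if (da.epoch != db.epoch) return da.epoch < db.epoch ? -1 : 1;
    r = verrevcmp(da.up, da.uplen, db.up, db.uplen);
    if (r) return r < 0 ? -1 : 1;
    r = verrevcmp(da.rev, da.revlen, db.rev, db.revlen);
    return r < 0 ? -1 : (r > 0 ? 1 : 0);
}

int main(void)
{
    /* The two versions from the updater.log excerpt. */
    const char *installed = "15.13-0+deb10u1A~5.0.0.202505222124";
    const char *pinned    = "15.10-0+deb11u1A~5.1.0.202412161548";
    printf("%s is %s than %s\n", installed,
           dpkg_compare(installed, pinned) > 0 ? "newer" : "not newer", pinned);
    return 0;
}
```

Two things the ordering makes visible: the upstream part is compared first, so 15.13 beats 15.10 no matter what the deb10/deb11 revision says, which is exactly why dpkg prints the "older version" warning; and the UCS `A~5.x.y.timestamp` suffix sorts above the plain Debian revision it was rebuilt from (the letter `A` outranks end-of-string) but below any `A`-suffixed revision without the `~` part, which is what lets a later rebuild supersede it.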
<https://errata.software-univention.de/#/?erratum=5.0x1281>