File _patchinfo of Package patchinfo.42736
<patchinfo incident="42736">
  <issue tracker="bnc" id="1258011">VUL-0: CVE-2026-2006: postgresql: Fix inadequate validation of multibyte character lengths</issue>
  <issue tracker="bnc" id="1258010">VUL-0: CVE-2026-2005: postgresql: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions</issue>
  <issue tracker="bnc" id="1258009">VUL-0: CVE-2026-2004: postgresql: Harden selectivity estimators against being attached to operators that accept unexpected data types</issue>
  <issue tracker="bnc" id="1258008">VUL-0: CVE-2026-2003: postgresql: Guard against unexpected dimensions of oidvector/int2vector</issue>
  <issue tracker="cve" id="2026-2006"/>
  <issue tracker="cve" id="2026-2003"/>
  <issue tracker="cve" id="2026-2005"/>
  <issue tracker="cve" id="2026-2004"/>
  <packager>rmax</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for postgresql17</summary>
  <description>This update for postgresql17 fixes the following issues:

Update to version 17.8.

Security issues fixed:

- CVE-2026-2003: improper validation of type "oidvector" may allow disclosure of a few bytes of server memory (bsc#1258008).
- CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009).
- CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010).
- CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011).
</description>
</patchinfo>