From: Jeremy Evans <jeremy@openbsd.org>
Subject: Re: Update: PostgreSQL 18.2
To: OpenBSD ports <ports@openbsd.org>
Date: Mon, 16 Feb 2026 12:43:54 -0800

On 02/12 05:54, Jeremy Evans wrote:
> This updates to the latest release of PostgreSQL.  In addition to the
> usual bug fixes, there are some security fixes:
> 
> CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
> 
> CVE-2026-2004: PostgreSQL intarray missing validation of type of input
> to selectivity estimator executes arbitrary code
> 
> CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes
> arbitrary code
> 
> CVE-2026-2006: PostgreSQL missing validation of multibyte character
> length executes arbitrary code
> 
> CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern
> onto server memory
> 
> Tested locally on amd64. OKs?

PostgreSQL announced an out-of-band release for next week to fix some
regressions in 18.2. So instead of upgrading to 18.2, we can wait for
18.3.  For more details:
https://www.postgresql.org/about/news/out-of-cycle-release-scheduled-for-february-26-2026-3241/

Best,
Jeremy