Le Mon, Feb 16, 2026 at 12:43:54PM -0800, Jeremy Evans a écrit :
> On 02/12 05:54, Jeremy Evans wrote:
> > This updates to the latest release of PostgreSQL.  In addition to the
> > usual bug fixes, there are some security fixes:
> > 
> > CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
> > 
> > CVE-2026-2004: PostgreSQL intarray missing validation of type of input
> > to selectivity estimator executes arbitrary code
> > 
> > CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes
> > arbitrary code
> > 
> > CVE-2026-2006: PostgreSQL missing validation of multibyte character
> > length executes arbitrary code
> > 
> > CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern
> > onto server memory
> > 
> > Tested locally on amd64. OKs?
> 
> PostgreSQL announced an out-of-band release for next week to fix some
> regressions in 18.2. So instead of upgrading to 18.2, we can wait for
> 18.3.  For more details:
> https://www.postgresql.org/about/news/out-of-cycle-release-scheduled-for-february-26-2026-3241/

that's no big deal commiting what you have now for 18.2 and updating to
18.3 on the 26. if you have the diff and tested it ...

i'll try to take care of the updates of the 17 branch in 7.8-stable

Landry