Package "libpq5"

  postgresql-17 (17.7-0ubuntu0.25.10.1) questing-security; urgency=medium

  * New upstream version (LP: #2127667).

    + A dump/restore is not required for those running 17.X.

    + However, if you are upgrading from a version earlier than 17.6, see
      those release notes as well please.

    + Check for CREATE privileges on the schema in CREATE STATISTICS (Jelte
      Fennema-Nio)

      This omission allowed table owners to create statistics in any schema,
      potentially leading to unexpected naming conflicts. (CVE-2025-12817)

    + Avoid integer overflow in allocation-size calculations within libpq
      (Jacob Champion)

      Several places in libpq were not sufficiently careful about computing
      the required size of a memory allocation. Sufficiently large inputs
      could cause integer overflow, resulting in an undersized buffer, which
      would then lead to writing past the end of the buffer. (CVE-2025-12818)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/17/release-17-7.html.

  * d/postgresql-17.NEWS: Create NEWS file.

 -- Athos Ribeiro <email address hidden> Wed, 19 Nov 2025 10:23:51 -0300