From bc51b9574476e7b4d26c3d7c6215e88efa6884ca Mon Sep 17 00:00:00 2001
From: Filip Janus
Date: Mon, 1 Dec 2025 16:27:23 +0000
Subject: [PATCH] Rebase to upstream release 13.23 - Fix CVE-2025-12818: libpq undersizes allocations, via integer wraparound Integer wraparound in PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes, resulting in segmentation fault. Resolves: RHEL-131279
---
 libpq.spec | 6 +++++-
 sources | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/libpq.spec b/libpq.spec
index 743f6ca..393ba82 100644
--- a/libpq.spec
+++ b/libpq.spec
@@ -3,7 +3,7 @@ Summary: PostgreSQL client library
 Name: libpq
-Version: %{majorversion}.20
+Version: %{majorversion}.23
 Release: 1%{?dist}
 License: PostgreSQL
@@ -131,6 +131,10 @@ find_lang_bins %name-devel.lst pg_config
 %changelog
+* Mon Dec 01 2025 Filip Janus - 13.23-1
+- Rebase to upstream release 13.23
+- Resolves: RHEL-131279 (CVE-2025-12818)
+
 * Wed Feb 19 2025 Ales Nezbeda - 13.20-1
 - Update to 13.20
diff --git a/sources b/sources
index d5d8e59..71e44eb 100755
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (postgresql-13.20.tar.bz2) = 884ee8327b803c66679238525e7d51320ea537b41138d7fe8fd7e725631f734a61e53646d9cec78154f3f05a3b50e90508793a56a8f0f76699a53773930cb1d0
-SHA512 (postgresql-13.20.tar.bz2.sha256) = 515b8021b0f70c95908e3b993fef71a9e6d6b27553eb69af1b707e77921d00992b5fad089d604fb565e463bd059c266ee9479082711f68cd5d570662b586cbf2
+SHA512 (postgresql-13.23.tar.bz2) = 9589fe26d874eb91244b7325d997d5e54e93d61a13f63b7e9ef247c0ca6c8ade420487303295010b0c45d7775b64da076a2af14bdcb7a03702d06b5edf159c39
+SHA512 (postgresql-13.23.tar.bz2.sha256) = f4ef1da9ffbce1db074d2a76c87710d57139f013c8c43b7045eb986ec0c11219c5b72227fdc3765073733b694bcb25637797905c171003912944bb8110d322e5