{ "document": { "aggregate_severity": { "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* SECURITY UPDATE: integer wraparound on 32-bit systems in palloc() callers\n - debian/patches/CVE-2026-6473.patch: integer wraparound on 32-bit systems in palloc() callers\n - CVE-2026-6473\n * SECURITY UPDATE: format-string memory disclosure in timeofday() via crafted timezones\n - debian/patches/CVE-2026-6474.patch: format-string memory disclosure in timeofday() via crafted timezones\n - CVE-2026-6474\n * SECURITY UPDATE: path traversal in pg_rewind allows origin superuser to overwrite local files\n - debian/patches/CVE-2026-6475.patch: path traversal in pg_rewind allows origin superuser to overwrite local files\n - CVE-2026-6475\n * SECURITY UPDATE: stack buffer overrun in libpq PQfn() (lo_read/lo_lseek64/lo_tell64)\n - debian/patches/CVE-2026-6477.patch: stack buffer overrun in libpq PQfn() (lo_read/lo_lseek64/lo_tell64)\n - CVE-2026-6477\n * SECURITY UPDATE: covert timing channel in MD5 password comparison\n - debian/patches/CVE-2026-6478.patch: covert timing channel in MD5 password comparison\n - CVE-2026-6478\n * SECURITY UPDATE: SQL injection and stack buffer overruns in refint contrib module\n - debian/patches/CVE-2026-6637.patch: SQL injection and stack buffer overruns in refint contrib module\n - CVE-2026-6637", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/debian10els/advisories/2026/clsa-2026_1779389543.json" } ], "tracking": { "current_release_date": "2026-05-21T18:53:39Z", "generator": { "date": "2026-05-21T18:53:39Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1779389543", "initial_release_date": "2026-05-21T18:53:39Z", "revision_history": [ { "date": "2026-05-21T18:53:39Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix of 6 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian None", "product": { "name": "Debian None", "product_id": "Debian-10", "product_identification_helper": { "cpe": "cpe:2.3:o:debian:debian_linux:10:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Debian" } ], "category": "vendor", "name": "Software in the Public Interest, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq-dev@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-dev@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq5@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython3-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-server-dev-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-compat3@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg6@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-pltcl-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpgtypes3@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-client-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_id": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plperl-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpgtypes3@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-server-dev-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-compat3@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq-dev@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-pltcl-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plperl-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg-dev@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-client-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libecpg6@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-plpython3-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_id": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpq5@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "product": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "product_id": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-doc-11@11.22-0%2Bdeb10u2%2Btuxcare.els2?arch=all" } } }, { "category": "product_version", "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "product": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "product_id": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/postgresql-doc-11@11.22-0%2Bdeb10u2%2Btuxcare.els1?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all as a component of Debian None", "product_id": "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all" }, "product_reference": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" }, "product_reference": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all" }, "product_reference": "postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64" }, "product_reference": "libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-6637", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" }, "notes": [ { "category": "description", "text": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "known_affected": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6637" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6637/", "url": "https://www.postgresql.org/support/security/CVE-2026-6637/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-21T18:52:25.464143Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543" }, { "category": "none_available", "date": "2026-05-14T14:16:00Z", "details": "Affected", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6473", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "known_affected": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6473" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6473/", "url": "https://www.postgresql.org/support/security/CVE-2026-6473/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-21T18:52:25.464143Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543" }, { "category": "none_available", "date": "2026-05-14T14:16:00Z", "details": "Affected", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6474", "cwe": { "id": "CWE-134", "name": "Use of Externally-Controlled Format String" }, "notes": [ { "category": "description", "text": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "known_affected": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6474" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6474/", "url": "https://www.postgresql.org/support/security/CVE-2026-6474/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-21T18:52:25.464143Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543" }, { "category": "none_available", "date": "2026-05-14T14:16:00Z", "details": "Affected", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6477", "cwe": { "id": "CWE-242", "name": "Use of Inherently Dangerous Function" }, "notes": [ { "category": "description", "text": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "known_affected": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6477" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6477/", "url": "https://www.postgresql.org/support/security/CVE-2026-6477/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-21T18:52:25.464143Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543" }, { "category": "none_available", "date": "2026-05-14T14:16:00Z", "details": "Affected", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6478", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "notes": [ { "category": "description", "text": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "known_affected": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6478" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6478/", "url": "https://www.postgresql.org/support/security/CVE-2026-6478/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-21T18:52:25.464143Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543" }, { "category": "none_available", "date": "2026-05-14T14:16:00Z", "details": "Affected", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6475", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "notes": [ { "category": "description", "text": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "known_affected": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6475" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6475/", "url": "https://www.postgresql.org/support/security/CVE-2026-6475/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-21T18:52:25.464143Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els2.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els2.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els2.amd64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779389543" }, { "category": "none_available", "date": "2026-05-14T14:16:00Z", "details": "Affected", "product_ids": [ "Debian-10:libecpg-compat3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libecpg6-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpgtypes3-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq-dev-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:libpq5-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-client-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-doc-11-0:11.22-0+deb10u2+tuxcare.els1.all", "Debian-10:postgresql-plperl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-plpython3-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-pltcl-11-0:11.22-0+deb10u2+tuxcare.els1.amd64", "Debian-10:postgresql-server-dev-11-0:11.22-0+deb10u2+tuxcare.els1.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] } ] }