chore(deps): refresh rpm lockfiles [SECURITY] #21177

Open
red-hat-konflux[bot] wants to merge 1 commit into release-4.9 from konflux/mintmaker/release-4.9/lock-file-maintenance-vulnerability

@red-hat-konflux

This PR contains the following updates:

File rpms.in.yaml:

| Package | Change |
| --- | --- |
| postgresql | 15.17-1.module+el8.10.0+24043+d28c3b3f -> 15.18-1.module+el8.10.0+24361+29e043a0 |
| postgresql-private-libs | 15.17-1.module+el8.10.0+24043+d28c3b3f -> 15.18-1.module+el8.10.0+24361+29e043a0 |

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

CVE-2026-2006

More information

Details

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database.

Severity

Important

References


postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

CVE-2026-2005

More information

Details

A heap-based buffer overflow flaw has been discovered in PostgreSQL. This heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database.

Severity

Important

References


postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

CVE-2026-2004

More information

Details

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.

Severity

Important

References


postgresql: PostgreSQL oidvector discloses a few bytes of memory

CVE-2026-2003

More information

Details

A type validation flaw has been discovered in PostgreSQL. Improper validation of the type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. It is possible that this may expose confidential information, but it is unlikely.

Severity

Important

References

🔧 This Pull Request updates lock files to use the latest dependency versions.


Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot added the mintmaker-auto-merge Automatically approve and merge PRs from MintMaker via the corresponding workflow. label Jun 16, 2026
@red-hat-konflux red-hat-konflux Bot requested review from a team and rhacs-bot as code owners June 16, 2026 11:20
@red-hat-konflux red-hat-konflux Bot added the mintmaker-auto-merge Automatically approve and merge PRs from MintMaker via the corresponding workflow. label Jun 16, 2026
@github-actions github-actions Bot added the backport PR to backport changes from master to release branch label Jun 16, 2026
@rhacs-bot

Images are ready for the commit at 28ad52d.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.9.8-rc.4-1-g28ad52d0c4.

@codecov

codecov Bot commented Jun 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.89%. Comparing base (9308eb1) to head (28ad52d).

Additional details and impacted files
@@               Coverage Diff               @@
##           release-4.9   #21177      +/-   ##
===============================================
- Coverage        48.89%   48.89%   -0.01%     
===============================================
  Files             2719     2719              
  Lines           202943   202943              
===============================================
- Hits             99237    99222      -15     
- Misses           95945    95955      +10     
- Partials          7761     7766       +5     
| Flag | Coverage Δ |
| --- | --- |
| go-unit-tests | 48.89% <ø> (-0.01%) ⬇️ |

Flags with carried forward coverage won't be shown. Click here to find out more.
