Format: 1.8
Date: Tue, 10 Feb 2026 11:50:28 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym
 libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5
 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15
 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym
 postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15
 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: arm64
Version: 15.16-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.16.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations. Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type. Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem.
       (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem.
       (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has been
       stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem.
       (CVE-2026-2006)