-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Feb 2026 11:50:28 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: armhf
Version: 15.16-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-06) <buildd_arm64-arm-ubc-06@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.16.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations.  Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type.  Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has been
       stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem. (CVE-2026-2006)
Checksums-Sha1:
 d9bb765b2b9be28fb799103d1ea5fb9746089f15 16680 libecpg-compat3-dbgsym_15.16-0+deb12u1_armhf.deb
 00c709cea668076e1fc3b2fabcbab8e1ffbaf8b5 19712 libecpg-compat3_15.16-0+deb12u1_armhf.deb
 d695aec55c728f179c5981896face2c25b0dd4a0 236432 libecpg-dev-dbgsym_15.16-0+deb12u1_armhf.deb
 af560e9060d8dfac09e91a0294aeb311ef6b4c32 281188 libecpg-dev_15.16-0+deb12u1_armhf.deb
 eb326e614614758493d4e7986238ec6e66641720 112208 libecpg6-dbgsym_15.16-0+deb12u1_armhf.deb
 012488baceda41700908497881547ad36f15e00b 57336 libecpg6_15.16-0+deb12u1_armhf.deb
 28032a5cb0a59736229dce539fae68f29999dffb 88604 libpgtypes3-dbgsym_15.16-0+deb12u1_armhf.deb
 9bf1d6d8ab406610fcd493393ca1dafb25e371c5 44224 libpgtypes3_15.16-0+deb12u1_armhf.deb
 ae9fc662d6b77fe3653fa48d776f406c54aeb528 137948 libpq-dev_15.16-0+deb12u1_armhf.deb
 c62cc452e4fc74ee7e8715042c98cd941e79ff74 278280 libpq5-dbgsym_15.16-0+deb12u1_armhf.deb
 32c97dcd5f5f7091031b2b02e9c43746791a7d2d 176780 libpq5_15.16-0+deb12u1_armhf.deb
 478af69546026e3a396a75947c07b39be18fb3f1 16324932 postgresql-15-dbgsym_15.16-0+deb12u1_armhf.deb
 1ddac9668308665f75111b7126f5e3d9688bc9f5 17152 postgresql-15_15.16-0+deb12u1_armhf-buildd.buildinfo
 b5020fd471e01aa48848e053d34689b65f92973e 16098940 postgresql-15_15.16-0+deb12u1_armhf.deb
 e884c8d572be9e0b72b5bd39883a71dfa6fe92df 2442052 postgresql-client-15-dbgsym_15.16-0+deb12u1_armhf.deb
 d3b6c15b400be2178b35f6bfcb409ced93ef140a 1646340 postgresql-client-15_15.16-0+deb12u1_armhf.deb
 77d0f9f7f4d467c39ce21c01230dd14fde769cfa 182900 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_armhf.deb
 57efe4ae193418e1516721a10fa4682f84826685 90460 postgresql-plperl-15_15.16-0+deb12u1_armhf.deb
 71c8fb3d1a0f1e9c2bd91c5e9045c0b676b22815 172696 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_armhf.deb
 31093ddfe737a76e39b30d5789a17fdbc70f9eac 108832 postgresql-plpython3-15_15.16-0+deb12u1_armhf.deb
 c694960952b6d024a9da433e15aae01fc4ed6bef 78344 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_armhf.deb
 f1335d08b125230620912c7212385b3caf514809 43492 postgresql-pltcl-15_15.16-0+deb12u1_armhf.deb
 aded36c54e2a860f1070eca74a38e285232b1896 1139244 postgresql-server-dev-15_15.16-0+deb12u1_armhf.deb
Checksums-Sha256:
 ed13c3c5372eab42370e876bd3650504733425373c9d73d2e950633ab8b94021 16680 libecpg-compat3-dbgsym_15.16-0+deb12u1_armhf.deb
 e9783d72fb189ea682b86cb09927646e93eef3ce75695bb85b26b5f0bc9aebf4 19712 libecpg-compat3_15.16-0+deb12u1_armhf.deb
 89fbcbefeaad41e0c9729f027d10f088a8deef9e0b0601b7191063bf00edb00a 236432 libecpg-dev-dbgsym_15.16-0+deb12u1_armhf.deb
 54afef3c61bd2bf4b9e70a1b97c7b8172e34ce772ceedefc2e4c227dcfd63297 281188 libecpg-dev_15.16-0+deb12u1_armhf.deb
 e85f858bad04c04de7ff574f5bb86665fe15d2d03b771612b446b6ae9399a856 112208 libecpg6-dbgsym_15.16-0+deb12u1_armhf.deb
 20b390f8f38e8446fc7ed5f01ce11e0cf89048baf749f42c11983f01f3dc562b 57336 libecpg6_15.16-0+deb12u1_armhf.deb
 c5075ba7f3e44aa2dec2b4e2001e3c5967893d892b7b3caa84e4b1d608da8b38 88604 libpgtypes3-dbgsym_15.16-0+deb12u1_armhf.deb
 bfea8518b8eace0afbecca374b9e16fe09e17b6bac740bb8355381d3a41f48a6 44224 libpgtypes3_15.16-0+deb12u1_armhf.deb
 4f7e27aa3a69bd6598049bc5b913b916c6e4619c1c03e8ab8bba89bc7706c206 137948 libpq-dev_15.16-0+deb12u1_armhf.deb
 5480a8532b312cb68e76066268fab52fa8b74798f87a6cbc31580db27b4dfb9f 278280 libpq5-dbgsym_15.16-0+deb12u1_armhf.deb
 415758f60863d37cfbb7717073e9c930dcb333e50e917f18214caa9960fe6991 176780 libpq5_15.16-0+deb12u1_armhf.deb
 ae6d256df5e4b94bad1a9fd5ea302a2b02d0d1851590e4051832a665e0e0e2ed 16324932 postgresql-15-dbgsym_15.16-0+deb12u1_armhf.deb
 793d86ea301adbf96b14c65049623fe86a82b3b8dcade29d75adc650c6b18ca0 17152 postgresql-15_15.16-0+deb12u1_armhf-buildd.buildinfo
 924cdca2b5f2846144da35401124fd743f686be0757f936860709e17b5d6b496 16098940 postgresql-15_15.16-0+deb12u1_armhf.deb
 e55bb02499fb277577a93cf791d03e02745147a08cc80f2dda82f45289b9c5f8 2442052 postgresql-client-15-dbgsym_15.16-0+deb12u1_armhf.deb
 8b345820682759bd6eca4b931a0b6222ded3751199f2ec76f41831255388744f 1646340 postgresql-client-15_15.16-0+deb12u1_armhf.deb
 e023c0a8547e78af562a0776446cd79f0f1b60cbd23670430d5de55a6e429bd4 182900 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_armhf.deb
 035b1f098f8f54608fb9ada939815516339c163345b97319165b777831c1911c 90460 postgresql-plperl-15_15.16-0+deb12u1_armhf.deb
 001f943dd31900afd125f4438aa9433a7a19b41a967ffe2260d8ca89ff10a616 172696 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_armhf.deb
 42f0238b4c1988c2713b4621d01170b0db3900b8af07bd28f9306da77c0cc637 108832 postgresql-plpython3-15_15.16-0+deb12u1_armhf.deb
 fae7e68fa9ec67d1da0892098d8a4e18527041c3b73984ce1a546f411e2ef09e 78344 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_armhf.deb
 c9f1378d8746e057bd5de7feee603e5267b20b68e33b938d0c8904606a6d44e3 43492 postgresql-pltcl-15_15.16-0+deb12u1_armhf.deb
 84e17fec7a54ace3e1431327c25082b2fe3b1cde5bda6ec99960095e5cdf8279 1139244 postgresql-server-dev-15_15.16-0+deb12u1_armhf.deb
Files:
 4efdd06f2f89338b1e9dfb4bb98f1499 16680 debug optional libecpg-compat3-dbgsym_15.16-0+deb12u1_armhf.deb
 4724521c41d1f9ac30323125c172ab19 19712 libs optional libecpg-compat3_15.16-0+deb12u1_armhf.deb
 4d4b0328e3c7f92317f7db4e7ab6447c 236432 debug optional libecpg-dev-dbgsym_15.16-0+deb12u1_armhf.deb
 e881c8c5f500625d5be2d464be53b9be 281188 libdevel optional libecpg-dev_15.16-0+deb12u1_armhf.deb
 2082b61fcfd27c5fcd4f8848414f3143 112208 debug optional libecpg6-dbgsym_15.16-0+deb12u1_armhf.deb
 74bac7bef1aa4933975b4eb8a42e9c8b 57336 libs optional libecpg6_15.16-0+deb12u1_armhf.deb
 dc70cf0415c75d4bf8c7e0927813f3b1 88604 debug optional libpgtypes3-dbgsym_15.16-0+deb12u1_armhf.deb
 f9075e79164e13ff57198a14056454af 44224 libs optional libpgtypes3_15.16-0+deb12u1_armhf.deb
 e45163263de3b0a6d7468e1320252b95 137948 libdevel optional libpq-dev_15.16-0+deb12u1_armhf.deb
 cc74bc465d55e79843b2ab45dccd958c 278280 debug optional libpq5-dbgsym_15.16-0+deb12u1_armhf.deb
 235bbb0321b3671b213d657b39b3dd23 176780 libs optional libpq5_15.16-0+deb12u1_armhf.deb
 3fce3c1bc2e6aaf784bcb5f772638c49 16324932 debug optional postgresql-15-dbgsym_15.16-0+deb12u1_armhf.deb
 3cabac85a88ef4f55f35595b1f1870cb 17152 database optional postgresql-15_15.16-0+deb12u1_armhf-buildd.buildinfo
 393cde80798f880ef56c20949c0b2eda 16098940 database optional postgresql-15_15.16-0+deb12u1_armhf.deb
 5f85fdee155e6825e0c7fd8990e53c1b 2442052 debug optional postgresql-client-15-dbgsym_15.16-0+deb12u1_armhf.deb
 94c96ec4102bcf08f7868d031ac56f36 1646340 database optional postgresql-client-15_15.16-0+deb12u1_armhf.deb
 a8620ec5add4fcf100bc36332cd8944c 182900 debug optional postgresql-plperl-15-dbgsym_15.16-0+deb12u1_armhf.deb
 8ec711319d5aecfa226c781ac64d200f 90460 database optional postgresql-plperl-15_15.16-0+deb12u1_armhf.deb
 ea4db8c942a57fba16204c06baca91e7 172696 debug optional postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_armhf.deb
 cf017b8c3b252928480ce2991570d5b2 108832 database optional postgresql-plpython3-15_15.16-0+deb12u1_armhf.deb
 b2c33e889e8360a03ae2d47434968832 78344 debug optional postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_armhf.deb
 6e46147d554a2cd685c24e0b47127097 43492 database optional postgresql-pltcl-15_15.16-0+deb12u1_armhf.deb
 690f47af1af677a7a2072da73e0717fc 1139244 libdevel optional postgresql-server-dev-15_15.16-0+deb12u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpxWVfktWxVoKRwGgJ7tNDw2WyRsFAmmLY+oACgkQJ7tNDw2W
yRth+xAAhrWPxYoXNn7xbtkrbBenTdiC8b+fX2XQ379iy261SWr3GLoIl1fZgSEj
aw4xiwyk4MANHfzlNEW5Dp8UqncsBfS9UoaC+LHG8TZylg8UvZoP00wIOfiRkYGT
rGlhFin3B8G7rLQu1MWzQY43xw1EOw2q7XqpqMUj9nN/tfoA1n/5Y8/xIgS0I2ZV
wKkxvePvUbrsKvRbMTKurEPfbzjZCVsspnObQrJZmqfdXRj1BvevFWGztgNnA56+
c2Qzydn3AME7DR6pm6XzmMVooG5MHedRyr9xZIG66UXZHPu5Sm2+dmrxp4OXewie
QM/c/GixczXht5HcXKbEFxHUYTlL3LLN5kym66hLO5d5H8bP7OCco/oZJQVA7InQ
Uuk2l6pYh+LMuZZPw/FxCH5ozQCAPwXCmRB+8cX71EyCBEHNYaOgGuPtNeK6KEfv
2CJB7Tj18M78eVZCzJi5PQJ8IMLofL6MoKH/XlwR715L4nsXQU2cduk47/msAhnF
T5UePW3RBJrZ2a71VDeBQCKVoeE2ZQiZGhfGZ5+YVyx1GmCtyKSjz79CSYYmrUwS
OHeJJ3ndpxy/g6Pp0reIu/fL0PPv4O0A4PazMf40d5WEmM/Mb3wDRP9iC2aumnCu
pg65ezL2tZzqbaDl6FgxytGPb5zMKWwORNO4BkQ+wLgK+L5vVjc=
=psAt
-----END PGP SIGNATURE-----