-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Feb 2026 11:50:28 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: armel
Version: 15.16-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.16.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations.  Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type.  Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has been
       stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem. (CVE-2026-2006)
Checksums-Sha1:
 4b7fc18f352e6f88e782ad0f7dac18a94f1a751e 16372 libecpg-compat3-dbgsym_15.16-0+deb12u1_armel.deb
 f929b9afe3379a3d87de40f1c38e092a342f05d3 19684 libecpg-compat3_15.16-0+deb12u1_armel.deb
 2ffc63608a06f6f38534c74aa0c6674af585985d 232520 libecpg-dev-dbgsym_15.16-0+deb12u1_armel.deb
 93c1a9aad2b6dcf1b23926c8e995c01d737b5c65 275948 libecpg-dev_15.16-0+deb12u1_armel.deb
 7943d2982109da0462e9c71536e8889542122ee2 111204 libecpg6-dbgsym_15.16-0+deb12u1_armel.deb
 8f5d871baef0359af9aa3c657e8280f363cba315 58644 libecpg6_15.16-0+deb12u1_armel.deb
 faf14bb6de6fea395c1d1f1b1dcb3acb0db8b5a6 86556 libpgtypes3-dbgsym_15.16-0+deb12u1_armel.deb
 e0c83f63b2cc30145cddad31b2df80e1b2eed257 45164 libpgtypes3_15.16-0+deb12u1_armel.deb
 c5b751fdda649d585d67dc3d77b0d06c2f961ef4 137640 libpq-dev_15.16-0+deb12u1_armel.deb
 e51eeb02d6d900ad007bb32d6ada2bf913746ee2 274496 libpq5-dbgsym_15.16-0+deb12u1_armel.deb
 7ab9e9c88b05cf357be9f58bc672ce7331132978 175888 libpq5_15.16-0+deb12u1_armel.deb
 6e75cc834ba070d8bd14391fdfb3834f54d4ab25 16234572 postgresql-15-dbgsym_15.16-0+deb12u1_armel.deb
 0e70c10accaaad302c7d92265288577d115e0e15 17150 postgresql-15_15.16-0+deb12u1_armel-buildd.buildinfo
 7bf34803f673703132dad6f24064169a0c836768 16177476 postgresql-15_15.16-0+deb12u1_armel.deb
 00e99b38d06a1cb562533afeb47c129856531b05 2420984 postgresql-client-15-dbgsym_15.16-0+deb12u1_armel.deb
 c288856820f55fd3b1f6fe090a8ba62e2cee0aaf 1630868 postgresql-client-15_15.16-0+deb12u1_armel.deb
 e3d460c716a3f4271b7f4e21a52abd867ac249bf 181888 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_armel.deb
 28ae118f4c9abdf9ec1ac6c14190cb21b28bd2c7 90668 postgresql-plperl-15_15.16-0+deb12u1_armel.deb
 bca946fc47850782d920909ef939d6c48653292c 172064 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_armel.deb
 792f8a3f3eca7f975b47c3b59feca8cbc1e93bcc 110132 postgresql-plpython3-15_15.16-0+deb12u1_armel.deb
 1600db85d1329f9062fd63c0b88b8cacd9e0e35d 78080 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_armel.deb
 02afe282e4f09cca74ec9d77047b15089cd98d40 43308 postgresql-pltcl-15_15.16-0+deb12u1_armel.deb
 2b8ef0006a2e300067ff9b0704283bc429352e17 1140024 postgresql-server-dev-15_15.16-0+deb12u1_armel.deb
Checksums-Sha256:
 1ca4462c5e4c882b9fd9541d1ba6ad74e990460363d90eff30321cb2d15d8564 16372 libecpg-compat3-dbgsym_15.16-0+deb12u1_armel.deb
 2766e9375ee130f9bb8c34099e8dd23b2dc1bb00c32c56dd0f7f6402615778d5 19684 libecpg-compat3_15.16-0+deb12u1_armel.deb
 89278af057721df2d4d59a03a81664dbc77ea108d3772678329a7646fa3bae56 232520 libecpg-dev-dbgsym_15.16-0+deb12u1_armel.deb
 89d7c01a734b9e7e78c1712e11b6b93bddd91d5e485b942a874b7cfa0ccf34c7 275948 libecpg-dev_15.16-0+deb12u1_armel.deb
 0019bb093df53aafdc57f327d30ccf50c89c17daaea4964ff5c733fbbdf18639 111204 libecpg6-dbgsym_15.16-0+deb12u1_armel.deb
 321dbcf115ee19cf6dcebcc864e239a35d44e4be042949dbbcfdcd6744b46b36 58644 libecpg6_15.16-0+deb12u1_armel.deb
 bf586dad90760f924ff67ea1cafdef7e281f0418577b99efe69a45363028445e 86556 libpgtypes3-dbgsym_15.16-0+deb12u1_armel.deb
 0993346f8194e78ce7c770981c4e7a46a94534219b03504ffcc5279492cc88e6 45164 libpgtypes3_15.16-0+deb12u1_armel.deb
 dd000cec0bc2b927e4d90bed38e6f9319baa779137b256f94848fc281e2cc39e 137640 libpq-dev_15.16-0+deb12u1_armel.deb
 fc6987262e11b0e61f65329b4e64a5ad840e6c266425c3fc375fe77b4a501099 274496 libpq5-dbgsym_15.16-0+deb12u1_armel.deb
 37f1de626691fdf539d781df6d3b3fd1b7aeb6bbdab8c36631e39e05885e977d 175888 libpq5_15.16-0+deb12u1_armel.deb
 aee9d4240e7800603d8d86b0dd84360f29fb641c0b3d2b906e6d0c20981967dd 16234572 postgresql-15-dbgsym_15.16-0+deb12u1_armel.deb
 35a85d9d3d5cac711a89999f2fdc7ff6c2f54cad085988052510abf4bc5dda3f 17150 postgresql-15_15.16-0+deb12u1_armel-buildd.buildinfo
 837034450df04b0b64b47b4b60b146c1b5907d357dba2fb6da16182a842b2de2 16177476 postgresql-15_15.16-0+deb12u1_armel.deb
 e2d8a4ffbaf8c6e43e55e281fd75a7061b938800c006fa06dbc28135e82d2d44 2420984 postgresql-client-15-dbgsym_15.16-0+deb12u1_armel.deb
 16bbf287f1480f9568beb50e06b92c391043ac4e102d476a790f40c8a5140649 1630868 postgresql-client-15_15.16-0+deb12u1_armel.deb
 8f82cc6fa6ba17ccb0ffa9df079d3f9656b7e2e4299141b289445a35b59ed294 181888 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_armel.deb
 e6e49bae508ac3835ee035d5169f0a5eda3a71717b875502f18e841ae66b9340 90668 postgresql-plperl-15_15.16-0+deb12u1_armel.deb
 fddffeb5050fcc2a3c6b95d5361e7867878b84e0e56a419f79d28124855b16da 172064 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_armel.deb
 91ab72f16f60d7649c3c16861f4d97baff05b92e83dea9c88526aee50e52b3ba 110132 postgresql-plpython3-15_15.16-0+deb12u1_armel.deb
 b59b3307d8400da53325ac3ee709f89c07f716e15180bd249e98bedb48b0633e 78080 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_armel.deb
 ed5cc143a7b7bbd31b09e9259daa9a3f72c57476e94fba76786627a7288ed8fa 43308 postgresql-pltcl-15_15.16-0+deb12u1_armel.deb
 a49683faa60b0eb6c5430e38c576db07ead1318a526bdd115dd42cbce62a1f2d 1140024 postgresql-server-dev-15_15.16-0+deb12u1_armel.deb
Files:
 cc2a8b7550f432788a73fc12a164c500 16372 debug optional libecpg-compat3-dbgsym_15.16-0+deb12u1_armel.deb
 678e15df8ccfbfe39643ff3c24430bb5 19684 libs optional libecpg-compat3_15.16-0+deb12u1_armel.deb
 0572e1af7749386d0b090e93388ea7fd 232520 debug optional libecpg-dev-dbgsym_15.16-0+deb12u1_armel.deb
 58d1036d2567400348104959fdb9afad 275948 libdevel optional libecpg-dev_15.16-0+deb12u1_armel.deb
 136395aedaf071d377a25ebe4110951a 111204 debug optional libecpg6-dbgsym_15.16-0+deb12u1_armel.deb
 c245b14e12cd5cc5407330575ce9f228 58644 libs optional libecpg6_15.16-0+deb12u1_armel.deb
 2a8d0013c00e6ffc1c758a5a22aa66ec 86556 debug optional libpgtypes3-dbgsym_15.16-0+deb12u1_armel.deb
 e5715db93bfd1a05e6b0b6ac1f40f6c1 45164 libs optional libpgtypes3_15.16-0+deb12u1_armel.deb
 3d853634a780dbfcfcbd8df4bb7a9049 137640 libdevel optional libpq-dev_15.16-0+deb12u1_armel.deb
 66c2a66876839191b65fcf586ced43b4 274496 debug optional libpq5-dbgsym_15.16-0+deb12u1_armel.deb
 84616ccc2df279c6275edfd70e0ddb49 175888 libs optional libpq5_15.16-0+deb12u1_armel.deb
 59bf1f643dc01447c967a0a76bdd6dab 16234572 debug optional postgresql-15-dbgsym_15.16-0+deb12u1_armel.deb
 9d0062ab4aea5879db669228af1779fe 17150 database optional postgresql-15_15.16-0+deb12u1_armel-buildd.buildinfo
 9eacf36bfa1b9220783a6726c6c97eef 16177476 database optional postgresql-15_15.16-0+deb12u1_armel.deb
 0f84365c81fe50ebacc56ee370dc67fe 2420984 debug optional postgresql-client-15-dbgsym_15.16-0+deb12u1_armel.deb
 dcfe122adf68e773f0f49b7a82a8b4c9 1630868 database optional postgresql-client-15_15.16-0+deb12u1_armel.deb
 654167b1bcda58b7d21de47925137a05 181888 debug optional postgresql-plperl-15-dbgsym_15.16-0+deb12u1_armel.deb
 c12e44e5d8c0e142d3bc49e726f39a20 90668 database optional postgresql-plperl-15_15.16-0+deb12u1_armel.deb
 e83a5e9126d395dbda04887def39d6d9 172064 debug optional postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_armel.deb
 12e94f8260d81667c9d08ae75dbb0a22 110132 database optional postgresql-plpython3-15_15.16-0+deb12u1_armel.deb
 70547a966a56ad00808cf9d413676008 78080 debug optional postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_armel.deb
 c99326b130e502c5804f0251b73d1ce1 43308 database optional postgresql-pltcl-15_15.16-0+deb12u1_armel.deb
 56e5e8557e45615d14c8cc11f8d233d2 1140024 libdevel optional postgresql-server-dev-15_15.16-0+deb12u1_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmmLZjoACgkQ8U6eOZMp
j6//Hg/+IbuOvIOL6KVSAgvFwszQR3sB+krlrrd9n967YnQADGe/MaRPAQGxIht1
20TBZHJ92qgpRu9tBJ3HpoHKRYKCp1BbkDtmPYxlygSWftjzZfhXQLts72dx3vfE
ljsM4e+AJmSACih58SMXEvvWwm03Ah1PGAx+kLxE77Zbqmgou3nD5eAW3GAaudL9
nBmo/zUQNnzmLsyjwsPm4bS4Why3TIVAyRiHtGMjbIqCz+jM64PEyr8r1U4S4XK2
fyffHrajyCrxwEZfbviCZBvS1jIPBMJ8xbuZs5S1eA3VTlEFiZqXvWDqu5sHleyu
blCReg5Hi6j7J2NNfFmesa9XZqi7TjzOsl/1toJmOKiyoJRVjbaeTQYxQcDsbC4d
QjxnEH2kCjLXba0P6EeTm3cNakMNxaSNocCVaxX5aVnZXt7sdVDS/bFZDyeUrO/f
XMx8cdlLvU80fe/uOazc0ZluHoBoG9w5dHhlZJErflDe+9ooqFZUDJQ5nWzFqMWt
OQhj2CSNabj0QnNrISmYUGBGETe6k2x3AI2raaNCLv2R6VPuVVqOnC6I5sCsIw/7
Bwrfb4zJoTV2u0VnFmJwNsTFj2FlpWlLMkE2T9CscZsR/Vf3bb9mDyJaSHZv1Ewz
mlgA/qZG/WtO0aDcb/zqNKnsJjzEJJItNdIp6sDvD3id/A5WKdA=
=KRd/
-----END PGP SIGNATURE-----