-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 10 Feb 2026 11:26:19 +0100 Source: postgresql-17 Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17 postgresql-pltcl-17-dbgsym postgresql-server-dev-17 postgresql-server-dev-17-dbgsym Architecture: riscv64 Version: 17.8-0+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: riscv64 Build Daemon (rv-osuosl-02) Changed-By: Christoph Berg Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 17 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-17 - The World's Most Advanced Open Source Relational Database postgresql-client-17 - front-end programs for PostgreSQL 17 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming Changes: postgresql-17 (17.8-0+deb13u1) trixie-security; urgency=medium . * New upstream version 17.8. . + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane) . These data types are expected to be 1-dimensional arrays containing no nulls, but there are cast pathways that permit violating those expectations. Add checks to some functions that were depending on those expectations without verifying them, and could misbehave in consequence. . The PostgreSQL Project thanks Altan Birler for reporting this problem. (CVE-2026-2003) . + Harden selectivity estimators against being attached to operators that accept unexpected data types (Tom Lane) . contrib/intarray contained a selectivity estimation function that could be abused for arbitrary code execution, because it did not check that its input was of the expected data type. Third-party extensions should check for similar hazards and add defenses using the technique intarray now uses. Since such extension fixes will take time, we now require superuser privilege to attach a non-built-in selectivity estimator to an operator. . The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2004) . + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions (Michael Paquier) . Decrypting a crafted message with an overlength session key caused a buffer overrun, with consequences as bad as arbitrary code execution. . The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2005) . + Fix inadequate validation of multibyte character lengths (Thomas Munro, Noah Misch) . Assorted bugs allowed an attacker able to issue crafted SQL to overrun string buffers, with consequences as bad as arbitrary code execution. After these fixes, applications may observe invalid byte sequence for encoding errors when string functions process invalid text that has been stored in the database. . The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2006) Checksums-Sha1: c24a53d0d61809bddafab096c7db2e0ef2b13db3 16732 libecpg-compat3-dbgsym_17.8-0+deb13u1_riscv64.deb e4c88a02e2d6b2666bb1936fa975cc10e14ae5a8 17768 libecpg-compat3_17.8-0+deb13u1_riscv64.deb f78effa5cb96bc239edf9ef10b6103b3656fb3b8 247588 libecpg-dev-dbgsym_17.8-0+deb13u1_riscv64.deb bd24b2b142ff48de8e34c89d8769eeb840f4df9c 387864 libecpg-dev_17.8-0+deb13u1_riscv64.deb b5f0aa7bd4631afb51da033c6ae6979ef2863cd0 106864 libecpg6-dbgsym_17.8-0+deb13u1_riscv64.deb c7f24c0adae26d51fddda25905804ddb21d6b28f 61292 libecpg6_17.8-0+deb13u1_riscv64.deb 8627a49d5b0f24a3d66ff8ceda7562fbc2cec43e 86136 libpgtypes3-dbgsym_17.8-0+deb13u1_riscv64.deb f3af8796e2e394ff8cf7a076f861b66a884254d5 47300 libpgtypes3_17.8-0+deb13u1_riscv64.deb 57d759842b04b7af1dbd147f1e52c4cd2f69ddd2 266332 libpq-dev_17.8-0+deb13u1_riscv64.deb 75318a1cb8955cdaf9d3e2770baa8b4c2c1f585e 285656 libpq5-dbgsym_17.8-0+deb13u1_riscv64.deb 88f9c643158c30945904633b9c8b852d05a0b47d 228228 libpq5_17.8-0+deb13u1_riscv64.deb 6dd6c26ad7d99a762c758e7f83eadb1aa6836e98 17299404 postgresql-17-dbgsym_17.8-0+deb13u1_riscv64.deb addc580c6c0cb43115e1cd31496287fc71220222 16430 postgresql-17_17.8-0+deb13u1_riscv64-buildd.buildinfo b82a694189e6b8437e880d99f3c556f264367140 6887020 postgresql-17_17.8-0+deb13u1_riscv64.deb b65a3a94a3278c164fd2eec21733c67469d0d4d2 2847888 postgresql-client-17-dbgsym_17.8-0+deb13u1_riscv64.deb c19924d9d71fba594cd1b16b42b0b7c579155e57 2028464 postgresql-client-17_17.8-0+deb13u1_riscv64.deb c365324b3d3b49fabc52fd1afd52583a37c392e9 193392 postgresql-plperl-17-dbgsym_17.8-0+deb13u1_riscv64.deb cf35d31d070a771e4aac03926bf3108c4ea76be1 70096 postgresql-plperl-17_17.8-0+deb13u1_riscv64.deb 6ddd1b7c5cac7761f264717e2ac5ffe0fce6025e 196724 postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_riscv64.deb f4038619923a93a74683c91d6714bc0850ca7853 90596 postgresql-plpython3-17_17.8-0+deb13u1_riscv64.deb 134439cc84d002a219530052cc2c26e0f42cf271 83456 postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_riscv64.deb fb26b0ffcc9aeb7706e87f1dcbbc32addb0cc5dd 42328 postgresql-pltcl-17_17.8-0+deb13u1_riscv64.deb 4617901a0b64294fd5694c2d2ff9640464d81630 54228 postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_riscv64.deb b35b5f1250816ac62b67345821d91351d90e1fa3 1527116 postgresql-server-dev-17_17.8-0+deb13u1_riscv64.deb Checksums-Sha256: 7c3b7f6022dd0e7d35c297619e2af2f30aee7d726a9abb0dff118e63f283d424 16732 libecpg-compat3-dbgsym_17.8-0+deb13u1_riscv64.deb 97565cf74ffbd93475135e33e82968b88f0434f08870fde2a2551eb124820cb3 17768 libecpg-compat3_17.8-0+deb13u1_riscv64.deb 6ab23f7e3a2923a1e5261e3d8adc89ced8dd4dccd493eb5f82af5a1dcc6293f0 247588 libecpg-dev-dbgsym_17.8-0+deb13u1_riscv64.deb fbb668fdf51e9e5f7800ad2870386f954293a7e207794f2695927c8556925a97 387864 libecpg-dev_17.8-0+deb13u1_riscv64.deb 46033d4e05db17937320a3a0970495aaee0d78b760d193be5ae2bc305b4d18dc 106864 libecpg6-dbgsym_17.8-0+deb13u1_riscv64.deb ba0412e014a0a5f78a6d8a1c207576cf63a446cbe88702cecb886aa5477c12a3 61292 libecpg6_17.8-0+deb13u1_riscv64.deb f23d5d316f3d46900ab2ca4854c293b1e652043288fc0c14df5dcb7d8c74adad 86136 libpgtypes3-dbgsym_17.8-0+deb13u1_riscv64.deb c3010cac598fa34bea5fcdcb22fc42ed268fd6fe4de63855e1f24b20c32cf077 47300 libpgtypes3_17.8-0+deb13u1_riscv64.deb f41559169c3d4e676dccde96ef97aeb62f49493cac0b9a14abcb582adb5f2fd3 266332 libpq-dev_17.8-0+deb13u1_riscv64.deb 544547618eadd067c248c27e5c0e958304fa5183442fbe3d7e964f58ca64de25 285656 libpq5-dbgsym_17.8-0+deb13u1_riscv64.deb e0b56a5fc5f98e0e542355885fac228a55ec4a4f8d048d1e6e7f912eeb3b91ae 228228 libpq5_17.8-0+deb13u1_riscv64.deb f7d425129722f583049e674b1c2ef101b417723fd739debb83d1a1c5519501df 17299404 postgresql-17-dbgsym_17.8-0+deb13u1_riscv64.deb f3d35fa218fdab98015ed60a3f2e2be9623a1f51107ce3297a5ae5f1594c0a3a 16430 postgresql-17_17.8-0+deb13u1_riscv64-buildd.buildinfo eaae538d548217c3248e9ad9b51db3cbb8d6edb8c72c0bb7573c3950f91a65f1 6887020 postgresql-17_17.8-0+deb13u1_riscv64.deb 551752f4d3b2e8734ab1a5870a1fdbf197025984d20fc12cffc7ec022cd3bcf4 2847888 postgresql-client-17-dbgsym_17.8-0+deb13u1_riscv64.deb 097a85e4d0e3faf0fad08c92adf5603dffbdd80f7cfc84d1afe24755e1a4ffce 2028464 postgresql-client-17_17.8-0+deb13u1_riscv64.deb 3ad36f50854af987de86f499f94566e49d1aedd68662618436cb957d8ec825c5 193392 postgresql-plperl-17-dbgsym_17.8-0+deb13u1_riscv64.deb 9e81ae01dd773c8629dd8d57019255648c37b33244cc0c0587671b18e033192e 70096 postgresql-plperl-17_17.8-0+deb13u1_riscv64.deb 83b41c694ee05994f0d0a2d5e25f136acefb62f62ba348ddd9df5c2d34e3ae9c 196724 postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_riscv64.deb 874f835d30de49e2d1700dc7a9bf473031b9ed73751a47db3198910819749452 90596 postgresql-plpython3-17_17.8-0+deb13u1_riscv64.deb c682ea7cfa93f41916c3844b6b869044beeabb21437b829fad52ca4a654c8d4f 83456 postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_riscv64.deb 82f278b0897609f69886883ca49771d36ed1cbbe9683230a4dc2244ba53287d3 42328 postgresql-pltcl-17_17.8-0+deb13u1_riscv64.deb b146ee8eb38e97db2e6e33de600932ed37b9b122d3a28f196b36d4820399f64f 54228 postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_riscv64.deb e5ad837c888a6cadcb0d7b6fe8e970af989cef9205ee5e807cd0036ef59cabea 1527116 postgresql-server-dev-17_17.8-0+deb13u1_riscv64.deb Files: f3748bafe51fc5ebd72e16901f22e7ac 16732 debug optional libecpg-compat3-dbgsym_17.8-0+deb13u1_riscv64.deb 2335ed2e88f45aafa1610e20664a357b 17768 libs optional libecpg-compat3_17.8-0+deb13u1_riscv64.deb 1884b89a0af0174d8f6a3a3620afa7bc 247588 debug optional libecpg-dev-dbgsym_17.8-0+deb13u1_riscv64.deb 64fe2bfbcdd9b20bccec05d6dbbc7d86 387864 libdevel optional libecpg-dev_17.8-0+deb13u1_riscv64.deb ee208a0ba19c8a86638689ebdb175059 106864 debug optional libecpg6-dbgsym_17.8-0+deb13u1_riscv64.deb cd5b75c6de2f5cee39907614ca283c53 61292 libs optional libecpg6_17.8-0+deb13u1_riscv64.deb 6d721ddc7e92f949e76f5829e9544919 86136 debug optional libpgtypes3-dbgsym_17.8-0+deb13u1_riscv64.deb c5e79776b449a3bd44067b58403742a9 47300 libs optional libpgtypes3_17.8-0+deb13u1_riscv64.deb d45640809cc7049bd374c614310e10cf 266332 libdevel optional libpq-dev_17.8-0+deb13u1_riscv64.deb b040478a4f3fe30a592da24f639b1000 285656 debug optional libpq5-dbgsym_17.8-0+deb13u1_riscv64.deb 90084d026118564fdf7e8c7ec8113a5b 228228 libs optional libpq5_17.8-0+deb13u1_riscv64.deb 852401dd48dc9d51274bc31b63488f4e 17299404 debug optional postgresql-17-dbgsym_17.8-0+deb13u1_riscv64.deb 0b4acfab0feef7e823a0c8c3a00204a9 16430 database optional postgresql-17_17.8-0+deb13u1_riscv64-buildd.buildinfo baee39d2d5b7e99edcab8e6f66531032 6887020 database optional postgresql-17_17.8-0+deb13u1_riscv64.deb f943ceda3d20aeae4cebde8b6c9c4ff8 2847888 debug optional postgresql-client-17-dbgsym_17.8-0+deb13u1_riscv64.deb 3ec4258b40c687080f3d8f89591836c7 2028464 database optional postgresql-client-17_17.8-0+deb13u1_riscv64.deb c307c56350ede659352b46f319bafc94 193392 debug optional postgresql-plperl-17-dbgsym_17.8-0+deb13u1_riscv64.deb 1d3e08555250ba479d850e275daef357 70096 database optional postgresql-plperl-17_17.8-0+deb13u1_riscv64.deb 12cf36491a4431c89e7af6c723e513cc 196724 debug optional postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_riscv64.deb 9a8d4e70747f852c8fbc5b2ebab9a368 90596 database optional postgresql-plpython3-17_17.8-0+deb13u1_riscv64.deb b2e87412948e3dd66ddc836be6c1601d 83456 debug optional postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_riscv64.deb 1cf87a6eda4971aeb404b67e04252149 42328 database optional postgresql-pltcl-17_17.8-0+deb13u1_riscv64.deb 6806240f8464dec4d4ca1ad24427316d 54228 debug optional postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_riscv64.deb 46b45d51814d9c28bfda43c74b7e48b6 1527116 libdevel optional postgresql-server-dev-17_17.8-0+deb13u1_riscv64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/AxPdLOtOshqz3vw/Fc5EAGpa+sFAmmLgysACgkQ/Fc5EAGp a+v+aA//SFL5IipXt3VnVbJlhSe1T/Eea0M+IPQaB5xXI+NC2s6m0fHZPQkOvLwc RcbNCss3fbWqoP4bY4gO+CVscuXKBJAbxQhrNBjoJbAUzvKepurH4K+Wc3tp7own jutNkrXDuylqYryzSOPLXLY6LmqApD99YogRTAV2L+BcEe7fCXL3Nwv0DhSFKqTG RsBCI4xLA55I5UJZkEuTn3BgYz39+l3P0Bkl43QU+wPE+KOkmRHnUehmMJ+OSs84 x2Pi3BVcfR2EehzTvLaEdFwi3/mur+dRb+n+y/SFsxC6CyED+scdfOsTRxJPYYlH n9KSK0bPOna7GkenccFVThttVE2Y+KL+J8pChaxY5uUlzQC9hkJLN2fv1Ie97Q3D 3r2S1MTsUrSSR+Vx2rms9nTC8EukbSJ1Cz+K+2d2Riu5fAKmpe/CnbZ3VC5lzVf7 gRR0jptJp4Xp9bu8/9g9FSb/BXwjUrsWWX34MMlqtgd0sZX8IQ7ZJ23cYPP8ABml 4yDdFbd7ra9glMjUocCPeDNCmJOZdiMAAvJwfRGzUtUT5KeXrd7fR6xq6ySdK5N1 USaxgSNHoY0jL2v/t7F+KM7AXyioQV8aa8L3Aq1tvBvVrAhp9UquCL0toC/6naUS SPHKEVQBh5Vgdz6nWzJlcGDulANZLRc2UzVBYTCL6OZqftQIVbg= =eljX -----END PGP SIGNATURE-----