Format: 1.8
Date: Tue, 10 Feb 2026 11:50:28 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: i386
Version: 15.16-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.16.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations. Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type. Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem.
       (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem.
       (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has been
       stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem.
       (CVE-2026-2006)