-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 10 Feb 2026 11:50:28 +0100 Source: postgresql-15 Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15 Architecture: mips64el Version: 15.16-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Christoph Berg Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 15 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-15 - The World's Most Advanced Open Source Relational Database postgresql-client-15 - front-end programs for PostgreSQL 15 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming Changes: postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 15.16. . + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane) . These data types are expected to be 1-dimensional arrays containing no nulls, but there are cast pathways that permit violating those expectations. Add checks to some functions that were depending on those expectations without verifying them, and could misbehave in consequence. . The PostgreSQL Project thanks Altan Birler for reporting this problem. (CVE-2026-2003) . + Harden selectivity estimators against being attached to operators that accept unexpected data types (Tom Lane) . contrib/intarray contained a selectivity estimation function that could be abused for arbitrary code execution, because it did not check that its input was of the expected data type. Third-party extensions should check for similar hazards and add defenses using the technique intarray now uses. Since such extension fixes will take time, we now require superuser privilege to attach a non-built-in selectivity estimator to an operator. . The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2004) . + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions (Michael Paquier) . Decrypting a crafted message with an overlength session key caused a buffer overrun, with consequences as bad as arbitrary code execution. . The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2005) . + Fix inadequate validation of multibyte character lengths (Thomas Munro, Noah Misch) . Assorted bugs allowed an attacker able to issue crafted SQL to overrun string buffers, with consequences as bad as arbitrary code execution. After these fixes, applications may observe invalid byte sequence for encoding errors when string functions process invalid text that has been stored in the database. . The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2006) Checksums-Sha1: 5b048e00ee3788ca0f832101f76c7cd59a65a052 18096 libecpg-compat3-dbgsym_15.16-0+deb12u1_mips64el.deb 3fa5c44e2f23ea9719a707e5aae942687cb7a12c 20680 libecpg-compat3_15.16-0+deb12u1_mips64el.deb fb956d80417607333b755c5a717460d4f3e284d4 250480 libecpg-dev-dbgsym_15.16-0+deb12u1_mips64el.deb 0bae9b9de7e3fd3bd4135f383f5f41d1412e7191 290368 libecpg-dev_15.16-0+deb12u1_mips64el.deb 01cd9b27abcd82d736aad0cb1783f6527aaaf31d 117304 libecpg6-dbgsym_15.16-0+deb12u1_mips64el.deb 88ffb1b993521c79ce276a4f34db603c28949887 61992 libecpg6_15.16-0+deb12u1_mips64el.deb 834d858a81c3e88cf4f319afc5643f5d62c352bd 92612 libpgtypes3-dbgsym_15.16-0+deb12u1_mips64el.deb 2dcda036afcc8dc3591101dca55509a8737c347d 47120 libpgtypes3_15.16-0+deb12u1_mips64el.deb acf366acceebb5812196bc1446fac99efead1fde 154684 libpq-dev_15.16-0+deb12u1_mips64el.deb d9d3a7759ad32e06418c8dfbf55440ae497c67b7 290328 libpq5-dbgsym_15.16-0+deb12u1_mips64el.deb 20752e48709a276a416d93c56492e496bdb4f9dd 183284 libpq5_15.16-0+deb12u1_mips64el.deb f4d42a3560c02759bbdb83adde555f884d48fd3e 17151404 postgresql-15-dbgsym_15.16-0+deb12u1_mips64el.deb 181ffd809d00b8cf9faf096b2e281daf582206a2 17293 postgresql-15_15.16-0+deb12u1_mips64el-buildd.buildinfo 0c980492d4e3641b308d49f5bfefd5ded566a112 16401056 postgresql-15_15.16-0+deb12u1_mips64el.deb 68056e3f0d04ca010036593678002a5c4e83b6cb 2595392 postgresql-client-15-dbgsym_15.16-0+deb12u1_mips64el.deb 736b05e00f7ac72dfaa69b247c3f002776cc1c63 1678632 postgresql-client-15_15.16-0+deb12u1_mips64el.deb b596a3cc1ba29b356549a5407784414aed4b9120 190212 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_mips64el.deb 393e130f713c6eee5ad6968da22ed5c31cda3cc1 89288 postgresql-plperl-15_15.16-0+deb12u1_mips64el.deb 874817966ca711c38ea840fbf649df7b32ba65a0 182260 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_mips64el.deb f543c34b1ae6c5ce48378987eb845f12ae33b56a 107948 postgresql-plpython3-15_15.16-0+deb12u1_mips64el.deb 70b90def67b1a4364f97dd57bdd80238d7a542ca 81404 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_mips64el.deb 8dbe47d9184e79290921ed89b5ba1300c02e1844 43480 postgresql-pltcl-15_15.16-0+deb12u1_mips64el.deb 7bc594e691ca1072f26a22b3e1261a9776af980b 1161844 postgresql-server-dev-15_15.16-0+deb12u1_mips64el.deb Checksums-Sha256: 29f2b615c9fb5b544bea169d8a65832431922440c3da7edbad4a0d063552df1b 18096 libecpg-compat3-dbgsym_15.16-0+deb12u1_mips64el.deb b3c65a04e10feab944fb1aae06d8e66dd3f305d86821b8eab208c6ca2cf1eed2 20680 libecpg-compat3_15.16-0+deb12u1_mips64el.deb 4935700da383c216f4cf6a45015bc985867eef91ed963a5ea68bcb40c9dcfaed 250480 libecpg-dev-dbgsym_15.16-0+deb12u1_mips64el.deb 0dbadd045f39575b7257620e0e8fcfa233d55863b5d4b37d0103b48a57ec1583 290368 libecpg-dev_15.16-0+deb12u1_mips64el.deb 362af6fb74bdeef45c59452d7d8c711908e128c58c75c6a048085c092accba7b 117304 libecpg6-dbgsym_15.16-0+deb12u1_mips64el.deb 13bdcd35da1851b75e672895d471582d7d2da17dc103e5657d47c9fe004663c6 61992 libecpg6_15.16-0+deb12u1_mips64el.deb b4329394c815793dd3c25baf06dd51db0082e9cf90a694ab028c482f64586726 92612 libpgtypes3-dbgsym_15.16-0+deb12u1_mips64el.deb 2f7bd7e941ac0d22d79890a54fa722a193bad9ef5b4c5a05edfb737a545e4f86 47120 libpgtypes3_15.16-0+deb12u1_mips64el.deb 116c5c590f673e2d32414a224cae401f0e4f5370cee36f7087e7b3067ad896de 154684 libpq-dev_15.16-0+deb12u1_mips64el.deb 09808f7deb70f1a9e1942f598e40190a311aa57ff1e8a349479b1da4a4209de6 290328 libpq5-dbgsym_15.16-0+deb12u1_mips64el.deb 5b11d3841daa1ae52e977121461cc1738191efe30c36e67616920e7d0346954a 183284 libpq5_15.16-0+deb12u1_mips64el.deb 08f4577294b7407f63ae66fa89dd55e307d9fb98e488a5c981917dcf94d2f9f3 17151404 postgresql-15-dbgsym_15.16-0+deb12u1_mips64el.deb 3a8c237b9b1c71023eee7051e0107831e442a75d714a05f888f193c0503afcff 17293 postgresql-15_15.16-0+deb12u1_mips64el-buildd.buildinfo b22fbee4dbaea5281d1c22aad18048e0dfcf4894d24d7066f783b249f304065b 16401056 postgresql-15_15.16-0+deb12u1_mips64el.deb 5d5cb8827558a03ce42318895a568a92a78d9d5e768875a9709c9514035679cd 2595392 postgresql-client-15-dbgsym_15.16-0+deb12u1_mips64el.deb 0b8615f7e4df260094b5d650e9c3d211300a02b5e75037c5d826e646ac7121e6 1678632 postgresql-client-15_15.16-0+deb12u1_mips64el.deb 2867753baaf81dc2f1445870c5a4b92bae13e874c1faf27cdd27c154d8fa63d2 190212 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_mips64el.deb 687036228f56062ea8199eb78c4e6a71db6a4e1c65f03dcddc75fbb11e018b35 89288 postgresql-plperl-15_15.16-0+deb12u1_mips64el.deb c372b6e9c57201f0be72faf2b9d8ce04c9098b9ebb0a3460b31cdfbbcdefc417 182260 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_mips64el.deb 5f8a40d54ad031578dda893c642f10ce5de16e66acaf7ce9850c166e4409a02d 107948 postgresql-plpython3-15_15.16-0+deb12u1_mips64el.deb 5c82a67c52e9a465b7ee51a1bf8794bac6be93ee837fba63194559b62b43adc2 81404 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_mips64el.deb 9a7b7bd12f1d8851c1fe27f8e762de983e468c6d3adf917386f6f2adb959e816 43480 postgresql-pltcl-15_15.16-0+deb12u1_mips64el.deb a7f394075dafb7f45c6898e158bb03b4ff639214386315fe70838d7de4eeccf4 1161844 postgresql-server-dev-15_15.16-0+deb12u1_mips64el.deb Files: 8585689b3498e26fc3fe8fb203b9ba04 18096 debug optional libecpg-compat3-dbgsym_15.16-0+deb12u1_mips64el.deb 1e4bc8aebb1ef4372f838201ef8d4c52 20680 libs optional libecpg-compat3_15.16-0+deb12u1_mips64el.deb 0d5878d18a58b99ee7fcc1074ca5961d 250480 debug optional libecpg-dev-dbgsym_15.16-0+deb12u1_mips64el.deb c32e38c52decf80b305c134733e64d6c 290368 libdevel optional libecpg-dev_15.16-0+deb12u1_mips64el.deb 58eb59281c00c4063510fe6042861152 117304 debug optional libecpg6-dbgsym_15.16-0+deb12u1_mips64el.deb f13242018efd67aeef2bc67f8e0caa17 61992 libs optional libecpg6_15.16-0+deb12u1_mips64el.deb b08a0f2b2e3ac7f7452f02cd5639f799 92612 debug optional libpgtypes3-dbgsym_15.16-0+deb12u1_mips64el.deb a01b74ae8aa9c1b08fa4f5031b8f0a86 47120 libs optional libpgtypes3_15.16-0+deb12u1_mips64el.deb cc9e85abd20fc049b278fe1d05587041 154684 libdevel optional libpq-dev_15.16-0+deb12u1_mips64el.deb a1593e2ff078e0c8d4424898d69d15bc 290328 debug optional libpq5-dbgsym_15.16-0+deb12u1_mips64el.deb 0404446f2734f1b735ab460dbec3677c 183284 libs optional libpq5_15.16-0+deb12u1_mips64el.deb 15039848507734d42641e33351980e02 17151404 debug optional postgresql-15-dbgsym_15.16-0+deb12u1_mips64el.deb 0a7c73d6ea027d6767a9cbf5cb5b70e9 17293 database optional postgresql-15_15.16-0+deb12u1_mips64el-buildd.buildinfo 96d3609a729537cf64bfb77381a35c24 16401056 database optional postgresql-15_15.16-0+deb12u1_mips64el.deb d32d42b968fc9930538a43750786f6a0 2595392 debug optional postgresql-client-15-dbgsym_15.16-0+deb12u1_mips64el.deb 8a3dd5e6922b24d4d748ce340ee14259 1678632 database optional postgresql-client-15_15.16-0+deb12u1_mips64el.deb a06e8aa462f49dad53215fe775d582ba 190212 debug optional postgresql-plperl-15-dbgsym_15.16-0+deb12u1_mips64el.deb 624bc44e58a817e14446c6d909c027ae 89288 database optional postgresql-plperl-15_15.16-0+deb12u1_mips64el.deb e43844aa232499b595e41dde3dc7af8d 182260 debug optional postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_mips64el.deb 8c437d7646c84fb268d46945c66242d9 107948 database optional postgresql-plpython3-15_15.16-0+deb12u1_mips64el.deb 99a7d4a4cf5f274381db2a0ff1b9a651 81404 debug optional postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_mips64el.deb 68a0636befb4ef62c5bba4a53952b5be 43480 database optional postgresql-pltcl-15_15.16-0+deb12u1_mips64el.deb 0e9917536e31538c506ff80a2dca9cc1 1161844 libdevel optional postgresql-server-dev-15_15.16-0+deb12u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEesE3YcWKZXIkRPMemf85J+x5/aoFAmmLcFoACgkQmf85J+x5 /apufBAAphDsHKUKnvjkqbR0NE9Ox49UyQ1hkapFvS47K3fui2WNG2mMOBWU3Vt1 9CChgTBEtJd+FfjixFv+bCwAbfv7x6D8tG0uj0GECBS/xY1CT37XqCDwXD5MIOzJ 3oaeCPQnq9es0zg5po77LCfhFNSDISjM7moBorwTe3MlwSYrsMSwd9FUUrw3+bWJ pFcZIrK8IgUA2oDy38qqFpcml304F/Fz6JbbhRpTKSGG7w8leMzqLU6d2Z+fZetj 71IpBxzNWz5HO4i8HcVDPocI3jz2A3rb9n8WoJHPzp03kSGl87IdR+15nrVQKWj2 9R2fgZ3oLVupE0qWxHAOzTWU2oPLnV7/pw4IPdCmfFedmr8jhdBS6vCPxJnseZXO f7EeIrf96AtHaPITrWyL+2Zpq33dW0hqM963MSuzdDEaKm1hjMgrmAWVUQ5+Pjuf 56yUoLkZNYbFHQbBQ/9Yj3t3rBhEl/jCWyIusec7rEpnw8Dx2NrjeMuKgExL2qkm SzoGRRsORw3Phdq6pMuigUO6NengSiQUnQOWSpaHfE5y/NVHri0NnuhTqRZoQA3c 4ptYwxT/PUtfLZhEMEZ2sOViupYgM2jpFcFsh9/fcYwO23zX3o9fwk8/fZJYw7B7 NJPPMCwPBY+TiryYf0Inoh1JGBZgn9LvjfO49xDAyaBVnqBEX6c= =nl2e -----END PGP SIGNATURE-----