-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Feb 2026 11:26:19 +0100
Source: postgresql-17
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17 postgresql-pltcl-17-dbgsym postgresql-server-dev-17 postgresql-server-dev-17-dbgsym
Architecture: i386
Version: 17.8-0+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 17
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-17 - The World's Most Advanced Open Source Relational Database
 postgresql-client-17 - front-end programs for PostgreSQL 17
 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17
 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17
 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17
 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming
Changes:
 postgresql-17 (17.8-0+deb13u1) trixie-security; urgency=medium
 .
   * New upstream version 17.8.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations. Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type. Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem.
       (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem.
       (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe "invalid byte sequence for
       encoding" errors when string functions process invalid text that has
       been stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem.
       (CVE-2026-2006)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----