-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Feb 2026 11:50:28 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: amd64
Version: 15.16-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.16.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations.  Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type.  Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has been
       stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem. (CVE-2026-2006)
Checksums-Sha1:
 c4b29c728cf75274a93cfb54758c43b5d019b31c 16644 libecpg-compat3-dbgsym_15.16-0+deb12u1_amd64.deb
 5ad7fa9b5bc8a2fc0030b59a810576fba4400031 20964 libecpg-compat3_15.16-0+deb12u1_amd64.deb
 cc4ba473c55cac1e8d581038aa741c0d29c8cf0f 281972 libecpg-dev-dbgsym_15.16-0+deb12u1_amd64.deb
 3651c6b544ba1cfc92c480e32c733604f1d42986 299352 libecpg-dev_15.16-0+deb12u1_amd64.deb
 1d7982bf71da9f109fe4a312e880be4ab50f2112 113744 libecpg6-dbgsym_15.16-0+deb12u1_amd64.deb
 a05fda5c4126621bea4ff34b87b2f39b7ac40c08 65188 libecpg6_15.16-0+deb12u1_amd64.deb
 5f874573d12833b751ec4135da2002091cbb97ea 88276 libpgtypes3-dbgsym_15.16-0+deb12u1_amd64.deb
 23766e5e746029fd5ca090e2c13b11c6b13af98d 48704 libpgtypes3_15.16-0+deb12u1_amd64.deb
 06ed6cf8eeba754aea06ee366140d9617639e0e3 149252 libpq-dev_15.16-0+deb12u1_amd64.deb
 c1b722edf94ef5b9f0dcfbb56a0e70013899a682 281404 libpq5-dbgsym_15.16-0+deb12u1_amd64.deb
 a655572003cf91c46d2779fd9f2fca36df3ee850 195876 libpq5_15.16-0+deb12u1_amd64.deb
 17bfcf015949060611cea2cfa7c785bdfdd36ae4 17024840 postgresql-15-dbgsym_15.16-0+deb12u1_amd64.deb
 5105017e62db11f89dbaa9f1e3a5def173507b2e 17331 postgresql-15_15.16-0+deb12u1_amd64-buildd.buildinfo
 8c2c9370e0b45bc071978ac15457cee9b502f9b1 16886368 postgresql-15_15.16-0+deb12u1_amd64.deb
 6152fa3c37853f87e9384e2c392f8c3bd1160db0 2638832 postgresql-client-15-dbgsym_15.16-0+deb12u1_amd64.deb
 cf93536b57695f5f1bbd018edf7b85fb17471678 1741336 postgresql-client-15_15.16-0+deb12u1_amd64.deb
 4650ec97df5737ce42f4939c0841c80b21c3f75a 186792 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_amd64.deb
 5366b4817e3b54a7b1022042af8a1a646bc94601 94088 postgresql-plperl-15_15.16-0+deb12u1_amd64.deb
 5f49d58647345eee157e7d9521ce01b9438ab50b 178608 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_amd64.deb
 a0f60844b57968dec499cb28e2e56163a5a1c019 115104 postgresql-plpython3-15_15.16-0+deb12u1_amd64.deb
 d05e1abe2e4772a22eeebb60c04c7602336a72a3 79696 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_amd64.deb
 a9eb28f2a2d430fb6d5a6373eac3c298e4f4b328 45992 postgresql-pltcl-15_15.16-0+deb12u1_amd64.deb
 e3f8f793e766cb893998a89ae7641f404429fb12 1155532 postgresql-server-dev-15_15.16-0+deb12u1_amd64.deb
Checksums-Sha256:
 826291490c57e900562f0b014b75c68e6ae32fce693c4c53a025f2d76bab6551 16644 libecpg-compat3-dbgsym_15.16-0+deb12u1_amd64.deb
 86756e005215112cdd76359aae538b314e62e97d5992595b3d050bfa49d6afa5 20964 libecpg-compat3_15.16-0+deb12u1_amd64.deb
 22684c07591645818ebb326b0ee2f6dbbedcb40240d7401e4e6c77198eedf981 281972 libecpg-dev-dbgsym_15.16-0+deb12u1_amd64.deb
 9121c81a5145f6adb0a688f6e6b4dc4458dc3f3fa5875ba9fc7e9aa7e96fa1bd 299352 libecpg-dev_15.16-0+deb12u1_amd64.deb
 bee8ddb9fa3aae2497dfa7f2fe87acc7c04cf5e2c7f6f0585e04631f784dcbfd 113744 libecpg6-dbgsym_15.16-0+deb12u1_amd64.deb
 a4f3e07ad56873162bdc7217b6e94696b0e7519836f515cb86ddfdab3883d1d3 65188 libecpg6_15.16-0+deb12u1_amd64.deb
 be9bfa8e2b48ed27bebd44fe7db5937e7ef6a62f81130390956f213718235f94 88276 libpgtypes3-dbgsym_15.16-0+deb12u1_amd64.deb
 d42c4f133fb7c9195eebd44d36a87d9b2eddd888b590c0ac5b340979242c87a1 48704 libpgtypes3_15.16-0+deb12u1_amd64.deb
 4bf7df1a3e116dc8f2926aeb9657254acc54235f21bc03e2f4adccb259e2cf82 149252 libpq-dev_15.16-0+deb12u1_amd64.deb
 3a3598647b50d9a9b6454698e1c1e37fda8df4cef909e10c19f0749d9851bfdf 281404 libpq5-dbgsym_15.16-0+deb12u1_amd64.deb
 930fdddd4b570651f5b352d14c6744abd3d23467e77c8f39a1ec25702f8680a5 195876 libpq5_15.16-0+deb12u1_amd64.deb
 e86df290dddeff1c2a693ee2e8d54bc384c13bda87bd1010bd6670cc481ea431 17024840 postgresql-15-dbgsym_15.16-0+deb12u1_amd64.deb
 063a27bf1e36b2f63576099f2a8df00fdc3994ae7e472d99d2e915e8378ab160 17331 postgresql-15_15.16-0+deb12u1_amd64-buildd.buildinfo
 e3cad20b4db3a16ba8fb438ffb03778b99fcb9dc9df08f366fd562296dacf0d9 16886368 postgresql-15_15.16-0+deb12u1_amd64.deb
 100946c9dd82327bbaa494d28a374b206a9c1c304636423b262a5b6d683e6c20 2638832 postgresql-client-15-dbgsym_15.16-0+deb12u1_amd64.deb
 7bd128ea802231ec6f601c56744deac916c8abbb066c3db148777e4ccc45dc16 1741336 postgresql-client-15_15.16-0+deb12u1_amd64.deb
 0c38d2cefe95232aa4e790bec61171a0be95b420b5573ae0adbe355bec430502 186792 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_amd64.deb
 df6d035a91e743b6e59b55a26c902fd37773abe70491c313ee7ace931ed7fb35 94088 postgresql-plperl-15_15.16-0+deb12u1_amd64.deb
 1ffe0d93b99979a0809345739f65fb8d5c5cd5486c117738db3e09368aa6cbef 178608 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_amd64.deb
 54343964f21a52a92bdffa31fe6e5361339fd04f80e1da6098c4da8d3a7101f1 115104 postgresql-plpython3-15_15.16-0+deb12u1_amd64.deb
 0382e5c6ce77590043e0798ff721fc113d621925f123bcc9fbdbcf4d41b6d5ed 79696 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_amd64.deb
 1552cfc85a533141ca623315ca2442b5cae588d4f8a14dde4cb295b3e1a6b0a4 45992 postgresql-pltcl-15_15.16-0+deb12u1_amd64.deb
 904384cdec810e32d064c25bdae7ec1451cccc9a83e464ba894de8bf04ec457e 1155532 postgresql-server-dev-15_15.16-0+deb12u1_amd64.deb
Files:
 db0075a0ec7ae923039830a41dac5379 16644 debug optional libecpg-compat3-dbgsym_15.16-0+deb12u1_amd64.deb
 1bbf8b29650c083e6b79cea91588b607 20964 libs optional libecpg-compat3_15.16-0+deb12u1_amd64.deb
 cea26f2b11c34aef0d5aa2eceb160ef6 281972 debug optional libecpg-dev-dbgsym_15.16-0+deb12u1_amd64.deb
 a4c017c51009f93cf85e223be4bc62ca 299352 libdevel optional libecpg-dev_15.16-0+deb12u1_amd64.deb
 14070c9760802342efe3124dd43715a7 113744 debug optional libecpg6-dbgsym_15.16-0+deb12u1_amd64.deb
 14cda123c88c93bd6f1ecc0a6d0f31a6 65188 libs optional libecpg6_15.16-0+deb12u1_amd64.deb
 a24b9755f27e6f606273b12f44bc01c5 88276 debug optional libpgtypes3-dbgsym_15.16-0+deb12u1_amd64.deb
 88e82cb099010d420b14ade79e75ad0b 48704 libs optional libpgtypes3_15.16-0+deb12u1_amd64.deb
 3f599f1b8ade24e8e96d6465f16bd879 149252 libdevel optional libpq-dev_15.16-0+deb12u1_amd64.deb
 e4cf0d29fbe9b01fff741f5ebe9635dc 281404 debug optional libpq5-dbgsym_15.16-0+deb12u1_amd64.deb
 dd53c01b3d592d3efd803aac6cef23ab 195876 libs optional libpq5_15.16-0+deb12u1_amd64.deb
 0ed2c5dc4cdf69aa7fc30f6bb1ff51a7 17024840 debug optional postgresql-15-dbgsym_15.16-0+deb12u1_amd64.deb
 35bf42b96ed8b15d67729f8d7004bb3f 17331 database optional postgresql-15_15.16-0+deb12u1_amd64-buildd.buildinfo
 f3661fbbf80e792b79d50cad40fc6ee9 16886368 database optional postgresql-15_15.16-0+deb12u1_amd64.deb
 3f1e2324505bb5b79e6d4c5479707200 2638832 debug optional postgresql-client-15-dbgsym_15.16-0+deb12u1_amd64.deb
 7582b5cb0af9d9dd80e7577e8480db6b 1741336 database optional postgresql-client-15_15.16-0+deb12u1_amd64.deb
 9fa622234d76d84f0d684d5a2cec0540 186792 debug optional postgresql-plperl-15-dbgsym_15.16-0+deb12u1_amd64.deb
 fdd51e249b7413dd54ee792b132bea30 94088 database optional postgresql-plperl-15_15.16-0+deb12u1_amd64.deb
 8361349623d2f630a966d44c7c8dd6f5 178608 debug optional postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_amd64.deb
 29f7dfb944b32c1854a277b4fd29396b 115104 database optional postgresql-plpython3-15_15.16-0+deb12u1_amd64.deb
 78613e83f278d5e01b680edfbcd5fd3b 79696 debug optional postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_amd64.deb
 e6525799406cbbc280868242d1b0e917 45992 database optional postgresql-pltcl-15_15.16-0+deb12u1_amd64.deb
 49b9f033d138634b4eb6bf7dccb38d19 1155532 libdevel optional postgresql-server-dev-15_15.16-0+deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmmLX20ACgkQEbCLukZn
24q/TA//Y9iQFhCPha3GN1+SPZWCaV/KLr2mAOyKi5iudMmn0+7gd0xnfWOiNgor
RgEk5v0vrehH+BHuaA0U+LfI14IvuAJgERHKGQMoacfHX86wiQxqYJ7emWITLsKW
hwiRFmTVkzxdH/na859p4DWSehdcGo71Js9dioznQofMOhLO8Jo0N5v4t1uVr6WZ
lz0NhlQqNUmk9nGilIUITLN9l3eKvT60idUOxhs0gbyoedcX6nCDkLsrdTTQ/zG5
Gy+XrR7TFD9mbvt2ecHTcyKtkaDsG3tY9QAoyHWwy6Z/IhtIDSvqja9IuupN4NRj
vofs3C0uHZfBFvsvehdyD0ZsgtUKnoXVxIwvhvBtkTHp4kUZN9GY6EGAx9IRxjRp
1OnI68SbIt4rcT8jUPIttgNozUbq9YCdJY63qV2rG+MuDMPtl4UNR2iRRNGTuwby
EXxOa2gAUsDXPEsGin8fkn94IefWVBeKEnuqTl5LnpXplXb7yaItbQTYrAu1N9vD
pB5esvQZ5QxdFDM9WIyNvKkykGcOtZEzxjUfxSlvQwLcWBTLEmivSsUEcwRO0ww3
ixTlUWldFCwu9TlNdodv8i7kryr3kgF7ygvBflEzdSEFjLThzGOv5Gk0TtFQIvJI
zyPuX50w3/TJ0MDeNuL+nn1adE3UHu9QfKxL3J08txk3y50aYKQ=
=uxUC
-----END PGP SIGNATURE-----