-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Feb 2026 11:50:28 +0100
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: s390x
Version: 15.16-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: s390x Build Daemon (zani) <buildd_s390x-zani@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.16.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations.  Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type.  Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has been
       stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem. (CVE-2026-2006)
Checksums-Sha1:
 2150a956c2937e995e231fa653976af152407ffb 16520 libecpg-compat3-dbgsym_15.16-0+deb12u1_s390x.deb
 1b2c8ea018ab2480ec04483d711d1bcc9cc5e762 20708 libecpg-compat3_15.16-0+deb12u1_s390x.deb
 110a8474760d300751c63bbd2231f54c4c33d2bc 214420 libecpg-dev-dbgsym_15.16-0+deb12u1_s390x.deb
 40ae575086d60cb4e41fc4439f7581fc5f62f779 283612 libecpg-dev_15.16-0+deb12u1_s390x.deb
 d8341e873b34dc7e468397d751fabf6001c2a83c 112804 libecpg6-dbgsym_15.16-0+deb12u1_s390x.deb
 d1cc85e3d2911c46276eddb2a5efc32397a83415 62492 libecpg6_15.16-0+deb12u1_s390x.deb
 e36c15341969ab8c1a7f8501dbded3666aaf8e63 88400 libpgtypes3-dbgsym_15.16-0+deb12u1_s390x.deb
 69428c2c444bcce2ea07aac8a2b81e3f661b028d 47516 libpgtypes3_15.16-0+deb12u1_s390x.deb
 7108f32235a393d6526d5c8cd3fa09334423c40f 142428 libpq-dev_15.16-0+deb12u1_s390x.deb
 1d4e129362cbb49c15b819f478473c5062ac645c 276416 libpq5-dbgsym_15.16-0+deb12u1_s390x.deb
 1f021fcd263e142722b9760dc0f86fcf553885b8 184392 libpq5_15.16-0+deb12u1_s390x.deb
 721b773147bc372952f0382c2307be54bb31a0fe 15496780 postgresql-15-dbgsym_15.16-0+deb12u1_s390x.deb
 cc7d8bd78259ae1ffb8e754247ba2850f7623071 16222 postgresql-15_15.16-0+deb12u1_s390x-buildd.buildinfo
 a6804e222a811a55dc95f33c72926becfe8e52d1 5659944 postgresql-15_15.16-0+deb12u1_s390x.deb
 1abe6542bd8f62acc0cafcb65f65ab23eb1306a0 2440776 postgresql-client-15-dbgsym_15.16-0+deb12u1_s390x.deb
 babd0f0fe71e3723b9c451cd9249526ebb03f961 1680984 postgresql-client-15_15.16-0+deb12u1_s390x.deb
 76535519823ff4cd6e9cde514ca16aa94d54d38e 180484 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_s390x.deb
 73b2befeaaae868805fce03ab3f67e2f88dcdf67 69072 postgresql-plperl-15_15.16-0+deb12u1_s390x.deb
 fa931c8d0bea8ea93e0920298cbf7059e965d0bf 170228 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_s390x.deb
 bf1e86ddf13efb7e27623761b15b5049ff348c55 91980 postgresql-plpython3-15_15.16-0+deb12u1_s390x.deb
 a04dbfe1a2d0d1439825cb6f017d04dd7cd164ed 77776 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_s390x.deb
 cd38521c6089360cb33060bad0c8af50bd350eb2 44696 postgresql-pltcl-15_15.16-0+deb12u1_s390x.deb
 08ff0a04aaee822f22f7d42c16f5b0dbdd1bd34c 1147036 postgresql-server-dev-15_15.16-0+deb12u1_s390x.deb
Checksums-Sha256:
 9e682467448db2fdef5222bd47ee8fd05f21c16530f7a4965df416922880374f 16520 libecpg-compat3-dbgsym_15.16-0+deb12u1_s390x.deb
 3e3e1d662d02001cfe27f5cbc0b14867d713f71e8a677515c2e74579f41a1cad 20708 libecpg-compat3_15.16-0+deb12u1_s390x.deb
 70f0315d2aa1ce98ccb74cc049cf97c9cd0e888715247ab45d7361937cd81084 214420 libecpg-dev-dbgsym_15.16-0+deb12u1_s390x.deb
 651663edd42b3b659407e23a73a2ab52d30e4a5e4d140bddc34526c016bf6740 283612 libecpg-dev_15.16-0+deb12u1_s390x.deb
 8c2df24d8e512a8208ddd937faad142ed5ce022791952774ba11ca895bbb3276 112804 libecpg6-dbgsym_15.16-0+deb12u1_s390x.deb
 ab858555a624d3d351fedd08404bb9df8d553ed5adcaef6d2ca0fee1bcef394d 62492 libecpg6_15.16-0+deb12u1_s390x.deb
 8bdd449d17d9563cc7ce7a1499e2c289f3bfe54d89166e5e9ee659f582572699 88400 libpgtypes3-dbgsym_15.16-0+deb12u1_s390x.deb
 326ea3af4c5eba4aed39c247f0b88f3f61a05f53fcce58e2ae3fd68dedb7ccbd 47516 libpgtypes3_15.16-0+deb12u1_s390x.deb
 53251aa952996f093e5056cfb933e7fa8d97e0272ce0522a55ecc294384c8607 142428 libpq-dev_15.16-0+deb12u1_s390x.deb
 4c5db99f7a91f912ebaeae2ebdd8f211b04ee123f7897d45aedf58be5243d06d 276416 libpq5-dbgsym_15.16-0+deb12u1_s390x.deb
 36d99ad867217caf1601fa3bd4c565bb2296e23737209ec7ba2fc00ec8f3acd0 184392 libpq5_15.16-0+deb12u1_s390x.deb
 8bea10ae9aa01ebdb82e8eea675869f033de3ad2eb6b9b570532d0e2ecf59323 15496780 postgresql-15-dbgsym_15.16-0+deb12u1_s390x.deb
 34377d06f39c1d213a65ade87dee71c7d00a5690c3c65eff234e702b52ac3284 16222 postgresql-15_15.16-0+deb12u1_s390x-buildd.buildinfo
 6bd6e58e75825d95f8dfe07b0224c440fc1e4466be0faa45b5ff714fccde444e 5659944 postgresql-15_15.16-0+deb12u1_s390x.deb
 f600ba89413c0fcd7d2d7a76513ff9637ebd648e3fae07664af04bc6b0a9d275 2440776 postgresql-client-15-dbgsym_15.16-0+deb12u1_s390x.deb
 4774b1dd25644ee38b884ec863dedbb8ec55b28d90db14813cfac4ea5e9d8233 1680984 postgresql-client-15_15.16-0+deb12u1_s390x.deb
 816125037e665c80692d1fcb785ce8395b591708735836346a32d60834b87570 180484 postgresql-plperl-15-dbgsym_15.16-0+deb12u1_s390x.deb
 f604ef4f76417c76e5036c41e6cb0e5d51156f7054e310749af285febda8380b 69072 postgresql-plperl-15_15.16-0+deb12u1_s390x.deb
 f5709d84b15917ce9a26bdc880cd319d40c949f9a802b70e6326ffcab586ea86 170228 postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_s390x.deb
 4c00dbf0c2e964f2626bfdf4d922245c557852d8c319c84e92cdfad5bf7d2240 91980 postgresql-plpython3-15_15.16-0+deb12u1_s390x.deb
 b788e62754f4c940fc03d1165af23874bbd2e8048df1b8ceca3c975028fcced5 77776 postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_s390x.deb
 ccccfdc85d392c618a73e45e6f860b2beb5a351141ab3e6084614f0d26d25271 44696 postgresql-pltcl-15_15.16-0+deb12u1_s390x.deb
 1a153cd298933445e983defb2fdb1f1b6d5ecdaea932736779051e7ddb9a2ce1 1147036 postgresql-server-dev-15_15.16-0+deb12u1_s390x.deb
Files:
 7c367f5b289f5a2f0da59ef08e2388d7 16520 debug optional libecpg-compat3-dbgsym_15.16-0+deb12u1_s390x.deb
 8047de53ef6fc5637a43e72635c5bee9 20708 libs optional libecpg-compat3_15.16-0+deb12u1_s390x.deb
 3dd51e32b41a45c9f6488f40b80f7d55 214420 debug optional libecpg-dev-dbgsym_15.16-0+deb12u1_s390x.deb
 bceccd178ce08ad8cb89ebc64f2f9b4e 283612 libdevel optional libecpg-dev_15.16-0+deb12u1_s390x.deb
 e387984285a5b4164ce38b1e6b84589e 112804 debug optional libecpg6-dbgsym_15.16-0+deb12u1_s390x.deb
 33c8f558d69169f09296da177ac8e4d6 62492 libs optional libecpg6_15.16-0+deb12u1_s390x.deb
 2e3b4406bc3dde8bf28baebc8bcb4020 88400 debug optional libpgtypes3-dbgsym_15.16-0+deb12u1_s390x.deb
 eff63406dbf377ad58b1c7f90ee34ac7 47516 libs optional libpgtypes3_15.16-0+deb12u1_s390x.deb
 a483ff0bf658806aef5f327bc9dd041f 142428 libdevel optional libpq-dev_15.16-0+deb12u1_s390x.deb
 fd1d8070fd658e59f683af9a4c6f7c09 276416 debug optional libpq5-dbgsym_15.16-0+deb12u1_s390x.deb
 a85d14355081bf4dfb43f0fa97842e0e 184392 libs optional libpq5_15.16-0+deb12u1_s390x.deb
 427f8a202fadc313a576df7885f6d2ed 15496780 debug optional postgresql-15-dbgsym_15.16-0+deb12u1_s390x.deb
 3d538f817ec82dada32acc507271b40e 16222 database optional postgresql-15_15.16-0+deb12u1_s390x-buildd.buildinfo
 2174bbe111473130c477981a995e46ba 5659944 database optional postgresql-15_15.16-0+deb12u1_s390x.deb
 bbd483f4836b0da2e4c3886d0355d8f2 2440776 debug optional postgresql-client-15-dbgsym_15.16-0+deb12u1_s390x.deb
 696c2fb6e0706172ac3a6e4fd5ced3eb 1680984 database optional postgresql-client-15_15.16-0+deb12u1_s390x.deb
 65759eae0b73566f908de44c38d5466d 180484 debug optional postgresql-plperl-15-dbgsym_15.16-0+deb12u1_s390x.deb
 d5415a85ac593b2c5e47bbbeaf8849c9 69072 database optional postgresql-plperl-15_15.16-0+deb12u1_s390x.deb
 929b01d51b7e5a6e1d90beb0d6b2bb70 170228 debug optional postgresql-plpython3-15-dbgsym_15.16-0+deb12u1_s390x.deb
 6ffdee343564437fec1ca273fd9d7fdf 91980 database optional postgresql-plpython3-15_15.16-0+deb12u1_s390x.deb
 7116d6745573ec90e629da9e114f07b7 77776 debug optional postgresql-pltcl-15-dbgsym_15.16-0+deb12u1_s390x.deb
 f2f0b2e59deba90f4e1a868470054fb6 44696 database optional postgresql-pltcl-15_15.16-0+deb12u1_s390x.deb
 5b8f68f81ccfb9f3df695bafb9751463 1147036 libdevel optional postgresql-server-dev-15_15.16-0+deb12u1_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmmLX+cACgkQkaCrxAR3
BY2Byg/+N9gN8ySJSpvMmgSCTF0zkvwE55TcCk68AP1LO9NqeqEoZtg9uJvHvfdE
n5ut0GYCd/qfcpKA/T+3k7ZUv4rle8yyVsOPFZUM2jaaWITK/W7vKZijiXaEcOLM
pEAQq1KTm4HMiMxns5NGJBV+H5NVRGljppuhR0sLASzd2gxqkX1jvZ5grzYhCewx
WNbpDPKoMOvKl4N674yxoYpCO+uCgWhyo2g3EJ2nF7SY8BDYWxEeOfjBMQ9Q95JI
uASTw6y9YZbQn1psi/lCkEAATw0LkEFJWke2g9G3+LnI2LBjz4skepbz0EDV/Qvp
aPhBe/o0jRQnvjgnCSCdZ6O0O6X6gcz7JE/sWwTY9guvjgdOFoZEkozGy450f8PE
XB+tRZP3hKP7AoDiK89cT4IO3c3Ykkuyv1Z7ZgDLGglMDGUOlNrcYCxBTEnFdKM8
Ja+tZIuFu2e7fj7GAQ3oLPmlWtPXFWT6rXf0XyiXZuGkDVOItLPQGpAx5H8H2R7P
cIbDfpGiZpJfySxU5bRckDuOQVd5wZAfsOx17GloPqth6pUQ2ovlQTCQo6GhAQgl
528iCJ2Ikai35uXycDKncfZD2RqiZ8SlShXD7lOr1cqp3wVZ0CFdLVGUFbDGJmUM
0HDZ9d4wDC/yhFhXz4eaOJ5i+c1cVi6ot+4FiyEpRZF/f3w3+dU=
=UDR5
-----END PGP SIGNATURE-----