-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2026 12:51:10 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: amd64
Version: 15.18-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.18-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.18.
 .
     + Prevent unbounded recursion while processing startup packets
       (Michael Paquier)
 .
       A malicious client could crash the connected backend by alternating
       rejected SSL and GSS encryption requests indefinitely.
 .
       The PostgreSQL Project thanks Calif.io (in collaboration with Claude and
       Anthropic Research) for reporting this problem. (CVE-2026-6479)
 .
     + Fix assorted integer overflows in memory-allocation calculations
       (Tom Lane, Nathan Bossart, Heikki Linnakangas)
 .
       Various places were incautious about the possibility of integer overflow
       in calculations of how much memory to allocate.  Overflow would lead to
       allocating a too-small buffer which the caller would then write past the
       end of.  This would at least trigger server crashes, and probably could
       be exploited for arbitrary code execution.  In many but by no means all
       cases, the hazard exists only in 32-bit builds.
 .
       The PostgreSQL Project thanks Xint Code, Bruce Dang, Sven Klemm, and
       Pavel Kohout for reporting these problems. (CVE-2026-6473)
 .
     + Reject over-length options in ts_headline() (Michael Paquier)
 .
       The StartSel, StopSel and FragmentDelimiter strings must not exceed 32Kb
       in length, but this was not checked for.  An over-length value would
       typically crash the server.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against malicious time zone names in timeofday() and pg_strftime()
       (Tom Lane)
 .
       A crafted time zone setting could pass % sequences to snprintf(),
       potentially causing crashes or disclosure of server memory.  Another
       path to similar results was to overflow the limited-size output buffer
       used by pg_strftime().
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6474)
 .
     + When creating a multirange type, ensure the user has CREATE privilege on
       the schema specified for the multirange type (Jelte Fennema-Nio)
 .
       The multirange type can be put into a different schema than its parent
       range type, but we neglected to apply the required privilege check when
       doing so.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2026-6472)
 .
     + Use timing-safe string comparisons in authentication code
       (Michael Paquier)
 .
       Use timingsafe_bcmp() instead of memcpy() or strcmp() when checking
       passwords, hashes, etc.  It is not known whether the data dependency of
       those functions is usefully exploitable in any of these places, but in
       the interests of safety, replace them.
 .
       The PostgreSQL Project thanks Joe Conway for reporting this problem.
       (CVE-2026-6478)
 .
     + Mark PQfn() as unsafe, and avoid using it within libpq (Nathan Bossart)
 .
       For a non-integral result type, PQfn() is not passed the size of the
       output buffer, so it cannot check that the data returned by the server
       will fit.  A malicious server could therefore overwrite client memory.
       This is unfixable without an API change, so mark the function as
       deprecated.  Internally to libpq, use a variant version that can apply
       the missing check.
 .
       The PostgreSQL Project thanks Yu Kunpeng and Martin Heistermann for
       reporting this problem. (CVE-2026-6477)
 .
     + Prevent path traversal in pg_basebackup and pg_rewind (Michael Paquier)
 .
       These applications failed to validate output file paths read from their
       input, so that a malicious source could overwrite any file writable by
       these applications.  Constrain where data can be written by rejecting
       paths that are absolute or contain parent-directory references.
 .
       The PostgreSQL Project thanks XlabAI Team of Tencent Xuanwu Lab and
       Valery Gubanov for reporting this problem. (CVE-2026-6475)
 .
     + Guard against field overflow within contrib/intarray's query_int type
       and contrib/ltree's ltxtquery type (Tom Lane)
 .
       Parsing of these query structures did not check for overflow of 16-bit
       fields, so that construction of an invalid query tree was possible.
       This can crash the server when executing the query.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against overly long values of contrib/ltree's lquery type
       (Michael Paquier)
 .
       Values with more than 64K items caused internal overflows, potentially
       resulting in stack smashes or wrong answers.
 .
       The PostgreSQL Project thanks Vergissmeinnicht, A1ex, and Jihe Wang for
       reporting this problem. (CVE-2026-6473)
 .
     + Prevent SQL injection and buffer overruns in contrib/spi
       (Nathan Bossart)
 .
       check_foreign_key() was insufficiently careful about quoting key values,
       and also used fixed-length buffers for constructing queries.  While this
       module is only meant as example code, it still shouldn't contain such
       dangerous errors.
 .
       The PostgreSQL Project thanks Nikolay Samokhvalov for reporting this
       problem. (CVE-2026-6637)
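The "integer overflows in memory-allocation calculations" item above, as an added example that is not PostgreSQL's own code: the size arithmetic is done in a 32-bit type so the wraparound a 32-bit build would suffer is reproducible on any host, and the guarded form rejects the request instead of under-allocating. Function names are hypothetical.

```c
/* Added example, not PostgreSQL's own code: the allocation-size hazard the
 * note above describes. The arithmetic is done in a 32-bit type so the
 * wraparound that a 32-bit build would suffer is reproducible on any host. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t size32_t;   /* stands in for size_t on a 32-bit build */

/* Incautious form: header + nitems * elemsize computed without checks.
 * When the product exceeds 2^32 it wraps, and the caller allocates a
 * buffer far smaller than the data it is about to copy into it. */
size32_t naive_alloc_size(size32_t header, size32_t nitems, size32_t elemsize)
{
    return header + nitems * elemsize;
}

/* Guarded form: every step is checked before it can wrap. Returns false
 * and leaves *out untouched when the true size does not fit the type. */
bool checked_alloc_size(size32_t header, size32_t nitems, size32_t elemsize,
                        size32_t *out)
{
    size32_t product;

    if (elemsize != 0 && nitems > UINT32_MAX / elemsize)
        return false;                     /* nitems * elemsize would wrap */
    product = nitems * elemsize;
    if (product > UINT32_MAX - header)
        return false;                     /* header + product would wrap */
    *out = header + product;
    return true;
}

int main(void)
{
    /* Constructed input: 2^30 items of 4 bytes, a request that cannot be
     * satisfied in a 32-bit address space but looks tiny after wrapping. */
    size32_t header = 16, nitems = 0x40000000u, elemsize = 4, size;

    printf("unchecked size: %" PRIu32 " bytes\n",
           naive_alloc_size(header, nitems, elemsize));
    if (checked_alloc_size(header, nitems, elemsize, &size))
        printf("checked size:   %" PRIu32 " bytes\n", size);
    else
        printf("checked size:   rejected (overflow)\n");
    return 0;
}
```

The unchecked form yields 16 bytes for a request that really needs 4 GiB plus a header; the checked form refuses it, which is the behaviour a caller must see before it writes into the buffer.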
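The "timing-safe string comparisons" item above, as an added example that is not PostgreSQL's own code: it contrasts an early-exit comparison with a fixed-time one modelled on timingsafe_bcmp(), counting the bytes each examines so the data dependency is visible without a stopwatch. The sample digests are constructed and the function names are hypothetical.

```c
/* Added example (not PostgreSQL's own code): why memcmp()/strcmp() are
 * unsuitable for checking passwords or hashes, and what a fixed-time
 * comparison modelled on timingsafe_bcmp() does instead. */
#include <stddef.h>
#include <stdio.h>

typedef struct {
    int    equal;           /* 1 if the buffers match */
    size_t bytes_examined;  /* work done; observable as elapsed time */
} cmp_result;

/* Early-exit comparison, as memcmp() behaves: stops at the first mismatch,
 * so the running time reveals how many leading bytes were correct. */
cmp_result leaky_compare(const unsigned char *a, const unsigned char *b, size_t n)
{
    cmp_result r = {1, 0};
    for (size_t i = 0; i < n; i++) {
        r.bytes_examined++;
        if (a[i] != b[i]) { r.equal = 0; return r; }
    }
    return r;
}

/* Fixed-time comparison in the style of timingsafe_bcmp(): every byte is
 * visited and differences are OR-accumulated, so neither the position of a
 * mismatch nor its existence changes the amount of work. */
cmp_result safe_compare(const unsigned char *a, const unsigned char *b, size_t n)
{
    cmp_result r = {1, 0};
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        r.bytes_examined++;
        diff |= a[i] ^ b[i];
    }
    r.equal = (diff == 0);
    return r;
}

/* Constructed sample digests (not real credentials). */
const unsigned char STORED[8]      = {0x10,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
const unsigned char WRONG_FIRST[8] = {0x99,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
const unsigned char WRONG_LAST[8]  = {0x10,0x22,0x33,0x44,0x55,0x66,0x77,0x00};

int main(void)
{
    cmp_result l1 = leaky_compare(STORED, WRONG_FIRST, 8);
    cmp_result l2 = leaky_compare(STORED, WRONG_LAST, 8);
    cmp_result s1 = safe_compare(STORED, WRONG_FIRST, 8);
    printf("memcmp-style: %zu vs %zu bytes examined (leaks mismatch position)\n",
           l1.bytes_examined, l2.bytes_examined);
    printf("fixed-time:   %zu bytes examined either way\n", s1.bytes_examined);
    return 0;
}
```

A production version must also stop the compiler from turning the accumulating loop back into an early exit (volatile accesses or barriers), which is why the libc-provided timingsafe_bcmp() is preferred wherever it exists.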
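The "path traversal in pg_basebackup and pg_rewind" item above, as an added example that is not PostgreSQL's own code: it applies the stated rule (reject paths that are absolute or contain a parent-directory component) to file names received from a remote source before they are joined to the local output directory. The sample names are constructed and the function names are hypothetical.

```c
/* Added example, not PostgreSQL's own code: the rule the pg_basebackup and
 * pg_rewind fix describes, applied to file names received from a remote
 * source before they are joined to the local output directory. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* True for POSIX absolute paths and for Windows drive-letter paths. */
static bool is_absolute_path(const char *p)
{
    if (p[0] == '/' || p[0] == '\\')
        return true;
    return ((p[0] >= 'A' && p[0] <= 'Z') || (p[0] >= 'a' && p[0] <= 'z'))
           && p[1] == ':';
}

/* True if any component, split on '/' or '\\', is exactly "..".
 * "a..b" or "..." are ordinary names and are not parent references. */
static bool has_parent_reference(const char *p)
{
    for (;;) {
        size_t len = strcspn(p, "/\\");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;
        if (p[len] == '\0')
            return false;
        p += len + 1;
    }
}

/* Accept only a non-empty, relative path with no ".." component, so the
 * joined result can never leave the output directory. */
bool is_safe_output_path(const char *p)
{
    return p != NULL && p[0] != '\0'
           && !is_absolute_path(p) && !has_parent_reference(p);
}

int main(void)
{
    /* Constructed sample names as a source might send them. */
    const char *samples[] = {"base/1/2600", "pg_wal/000000010000000000000001",
                             "/tmp/out", "../outside", "base/../x", "base/a..b/f"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i],
               is_safe_output_path(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The check is deliberately lexical: it runs before anything touches the file system, so no file is created or opened on the way to a rejection.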
Checksums-Sha1:
Checksums-Sha256:
Files:

