-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2026 12:51:10 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: arm64
Version: 15.18-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm64 Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.18-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.18.
 .
     + Prevent unbounded recursion while processing startup packets
       (Michael Paquier)
 .
       A malicious client could crash the connected backend by alternating
       rejected SSL and GSS encryption requests indefinitely.
 .
       The PostgreSQL Project thanks Calif.io (in collaboration with Claude and
       Anthropic Research) for reporting this problem. (CVE-2026-6479)
 .
     + Fix assorted integer overflows in memory-allocation calculations
       (Tom Lane, Nathan Bossart, Heikki Linnakangas)
 .
       Various places were incautious about the possibility of integer overflow
       in calculations of how much memory to allocate.  Overflow would lead to
       allocating a too-small buffer which the caller would then write past the
       end of.  This would at least trigger server crashes, and probably could
       be exploited for arbitrary code execution.  In many but by no means all
       cases, the hazard exists only in 32-bit builds.
 .
       The PostgreSQL Project thanks Xint Code, Bruce Dang, Sven Klemm, and
       Pavel Kohout for reporting these problems. (CVE-2026-6473)
 .
     + Reject over-length options in ts_headline() (Michael Paquier)
 .
       The StartSel, StopSel and FragmentDelimiter strings must not exceed 32Kb
       in length, but this was not checked for.  An over-length value would
       typically crash the server.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against malicious time zone names in timeofday() and pg_strftime()
       (Tom Lane)
 .
       A crafted time zone setting could pass % sequences to snprintf(),
       potentially causing crashes or disclosure of server memory.  Another
       path to similar results was to overflow the limited-size output buffer
       used by pg_strftime().
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6474)
 .
     + When creating a multirange type, ensure the user has CREATE privilege on
       the schema specified for the multirange type (Jelte Fennema-Nio)
 .
       The multirange type can be put into a different schema than its parent
       range type, but we neglected to apply the required privilege check when
       doing so.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2026-6472)
 .
     + Use timing-safe string comparisons in authentication code
       (Michael Paquier)
 .
       Use timingsafe_bcmp() instead of memcpy() or strcmp() when checking
       passwords, hashes, etc.  It is not known whether the data dependency of
       those functions is usefully exploitable in any of these places, but in
       the interests of safety, replace them.
 .
       The PostgreSQL Project thanks Joe Conway for reporting this problem.
       (CVE-2026-6478)
 .
     + Mark PQfn() as unsafe, and avoid using it within libpq (Nathan Bossart)
 .
       For a non-integral result type, PQfn() is not passed the size of the
       output buffer, so it cannot check that the data returned by the server
       will fit.  A malicious server could therefore overwrite client memory.
       This is unfixable without an API change, so mark the function as
       deprecated.  Internally to libpq, use a variant version that can apply
       the missing check.
 .
       The PostgreSQL Project thanks Yu Kunpeng and Martin Heistermann for
       reporting this problem. (CVE-2026-6477)
 .
     + Prevent path traversal in pg_basebackup and pg_rewind (Michael Paquier)
 .
       These applications failed to validate output file paths read from their
       input, so that a malicious source could overwrite any file writable by
       these applications.  Constrain where data can be written by rejecting
       paths that are absolute or contain parent-directory references.
 .
       The PostgreSQL Project thanks XlabAI Team of Tencent Xuanwu Lab and
       Valery Gubanov for reporting this problem. (CVE-2026-6475)
 .
     + Guard against field overflow within contrib/intarray's query_int type
       and contrib/ltree's ltxtquery type (Tom Lane)
 .
       Parsing of these query structures did not check for overflow of 16-bit
       fields, so that construction of an invalid query tree was possible.
       This can crash the server when executing the query.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against overly long values of contrib/ltree's lquery type
       (Michael Paquier)
 .
       Values with more than 64K items caused internal overflows, potentially
       resulting in stack smashes or wrong answers.
 .
       The PostgreSQL Project thanks Vergissmeinnicht, A1ex, and Jihe Wang for
       reporting this problem. (CVE-2026-6473)
 .
     + Prevent SQL injection and buffer overruns in contrib/spi
       (Nathan Bossart)
 .
       check_foreign_key() was insufficiently careful about quoting key values,
       and also used fixed-length buffers for constructing queries.  While this
       module is only meant as example code, it still shouldn't contain such
       dangerous errors.
 .
       The PostgreSQL Project thanks Nikolay Samokhvalov for reporting this
       problem. (CVE-2026-6637)
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
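
The pg_basebackup/pg_rewind entry above describes rejecting output paths that are absolute or contain parent-directory references. The following is an added example of such a check, not code from PostgreSQL or from this upload; the function name `output_path_is_safe`, the sample names and the POSIX-only `/` separator are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper, not PostgreSQL's code: may a file name received from
 * an untrusted source be created below the output directory?
 * Assumes POSIX '/' separators only.
 */
bool output_path_is_safe(const char *path)
{
    /* Reject missing, empty and absolute names outright. */
    if (path == NULL || path[0] == '\0' || path[0] == '/')
        return false;

    for (const char *p = path; *p != '\0';)
    {
        size_t len = strcspn(p, "/");   /* length of the next component */

        /* ".." must match a whole component: "..data" and "a..b" are fine. */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;

        p += len;
        while (*p == '/')               /* skip repeated separators */
            p++;
    }
    return true;
}

/* Constructed sample names, standing in for entries sent by a source. */
static const char *const samples[] = {
    "base/1/1259", "pg_wal/..hidden", "a//b/./c",
    "/tmp/outside", "../outside", "base/../../outside", "base/..",
};

int count_rejected(void)
{
    int rejected = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        if (!output_path_is_safe(samples[i]))
            rejected++;
    return rejected;
}

int main(void)
{
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-22s %s\n", samples[i],
               output_path_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check is purely lexical: a symbolic link already present inside the output directory is not covered by it and needs separate handling.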

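
The integer-overflow entry above (CVE-2026-6473) describes size calculations that wrap and yield a too-small buffer, mostly on 32-bit builds. The following added example, not code from PostgreSQL or from this upload, shows the wrap next to a checked calculation; the record layout (`HDR_SIZE`, `ITEM_SIZE`) and function names are assumptions, and `uint32_t` stands in for a 32-bit `size_t` so the effect is visible on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical layout: a fixed header followed by nitems fixed-size entries. */
#define HDR_SIZE  16u
#define ITEM_SIZE 24u

/* Unchecked: the product and sum wrap modulo 2^32 for large nitems. */
uint32_t alloc_size_unchecked(uint32_t nitems)
{
    return HDR_SIZE + nitems * ITEM_SIZE;
}

/* Checked: refuse any count whose total would not fit in 32 bits. */
bool alloc_size_checked(uint32_t nitems, uint32_t *size_out)
{
    if (nitems > (UINT32_MAX - HDR_SIZE) / ITEM_SIZE)
        return false;
    *size_out = HDR_SIZE + nitems * ITEM_SIZE;
    return true;
}

/* Allocate a record for nitems entries, or return NULL on overflow. */
void *record_alloc(uint32_t nitems)
{
    uint32_t size;

    if (!alloc_size_checked(nitems, &size))
        return NULL;            /* caller reports "request too large" */
    return calloc(1, size);
}

int main(void)
{
    /* Constructed input: the smallest count whose size wraps past 2^32. */
    uint32_t hostile = 178956971u;
    uint32_t size = 0;

    printf("unchecked size for %u items: %u bytes\n",
           (unsigned) hostile, (unsigned) alloc_size_unchecked(hostile));
    printf("checked calculation accepted: %s\n",
           alloc_size_checked(hostile, &size) ? "yes" : "no");
    return 0;
}
```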