-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2026 12:51:10 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: armel
Version: 15.18-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: armel Build Daemon (arm-ubc-04) <buildd_arm64-arm-ubc-04@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.18-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.18.
 .
     + Prevent unbounded recursion while processing startup packets
       (Michael Paquier)
 .
       A malicious client could crash the connected backend by alternating
       rejected SSL and GSS encryption requests indefinitely.
 .
       The PostgreSQL Project thanks Calif.io (in collaboration with Claude and
       Anthropic Research) for reporting this problem. (CVE-2026-6479)
 .
     + Fix assorted integer overflows in memory-allocation calculations
       (Tom Lane, Nathan Bossart, Heikki Linnakangas)
 .
       Various places were incautious about the possibility of integer overflow
       in calculations of how much memory to allocate.  Overflow would lead to
       allocating a too-small buffer which the caller would then write past the
       end of.  This would at least trigger server crashes, and probably could
       be exploited for arbitrary code execution.  In many but by no means all
       cases, the hazard exists only in 32-bit builds.
 .
       The PostgreSQL Project thanks Xint Code, Bruce Dang, Sven Klemm, and
       Pavel Kohout for reporting these problems. (CVE-2026-6473)
 .
     + Reject over-length options in ts_headline() (Michael Paquier)
 .
       The StartSel, StopSel and FragmentDelimiter strings must not exceed 32Kb
       in length, but this was not checked for.  An over-length value would
       typically crash the server.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against malicious time zone names in timeofday() and pg_strftime()
       (Tom Lane)
 .
       A crafted time zone setting could pass % sequences to snprintf(),
       potentially causing crashes or disclosure of server memory.  Another
       path to similar results was to overflow the limited-size output buffer
       used by pg_strftime().
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6474)
 .
     + When creating a multirange type, ensure the user has CREATE privilege on
       the schema specified for the multirange type (Jelte Fennema-Nio)
 .
       The multirange type can be put into a different schema than its parent
       range type, but we neglected to apply the required privilege check when
       doing so.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2026-6472)
 .
     + Use timing-safe string comparisons in authentication code
       (Michael Paquier)
 .
       Use timingsafe_bcmp() instead of memcpy() or strcmp() when checking
       passwords, hashes, etc.  It is not known whether the data dependency of
       those functions is usefully exploitable in any of these places, but in
       the interests of safety, replace them.
 .
       The PostgreSQL Project thanks Joe Conway for reporting this problem.
       (CVE-2026-6478)
 .
     + Mark PQfn() as unsafe, and avoid using it within libpq (Nathan Bossart)
 .
       For a non-integral result type, PQfn() is not passed the size of the
       output buffer, so it cannot check that the data returned by the server
       will fit.  A malicious server could therefore overwrite client memory.
       This is unfixable without an API change, so mark the function as
       deprecated.  Internally to libpq, use a variant version that can apply
       the missing check.
 .
       The PostgreSQL Project thanks Yu Kunpeng and Martin Heistermann for
       reporting this problem. (CVE-2026-6477)
 .
     + Prevent path traversal in pg_basebackup and pg_rewind (Michael Paquier)
 .
       These applications failed to validate output file paths read from their
       input, so that a malicious source could overwrite any file writable by
       these applications.  Constrain where data can be written by rejecting
       paths that are absolute or contain parent-directory references.
 .
       The PostgreSQL Project thanks XlabAI Team of Tencent Xuanwu Lab and
       Valery Gubanov for reporting this problem. (CVE-2026-6475)
 .
     + Guard against field overflow within contrib/intarray's query_int type
       and contrib/ltree's ltxtquery type (Tom Lane)
 .
       Parsing of these query structures did not check for overflow of 16-bit
       fields, so that construction of an invalid query tree was possible.
       This can crash the server when executing the query.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against overly long values of contrib/ltree's lquery type
       (Michael Paquier)
 .
       Values with more than 64K items caused internal overflows, potentially
       resulting in stack smashes or wrong answers.
 .
       The PostgreSQL Project thanks Vergissmeinnicht, A1ex, and Jihe Wang for
       reporting this problem. (CVE-2026-6473)
 .
     + Prevent SQL injection and buffer overruns in contrib/spi
       (Nathan Bossart)
 .
       check_foreign_key() was insufficiently careful about quoting key values,
       and also used fixed-length buffers for constructing queries.  While this
       module is only meant as example code, it still shouldn't contain such
       dangerous errors.
 .
       The PostgreSQL Project thanks Nikolay Samokhvalov for reporting this
       problem. (CVE-2026-6637)
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
