-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2026 12:51:10 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: armhf
Version: 15.18-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: armhf Build Daemon (arm-ubc-06)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.18-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.18.
 .
     + Prevent unbounded recursion while processing startup packets
       (Michael Paquier)
 .
       A malicious client could crash the connected backend by alternating
       rejected SSL and GSS encryption requests indefinitely.
 .
       The PostgreSQL Project thanks Calif.io (in collaboration with Claude
       and Anthropic Research) for reporting this problem. (CVE-2026-6479)
 .
     + Fix assorted integer overflows in memory-allocation calculations
       (Tom Lane, Nathan Bossart, Heikki Linnakangas)
 .
       Various places were incautious about the possibility of integer
       overflow in calculations of how much memory to allocate. Overflow
       would lead to allocating a too-small buffer which the caller would
       then write past the end of. This would at least trigger server
       crashes, and probably could be exploited for arbitrary code
       execution. In many but by no means all cases, the hazard exists only
       in 32-bit builds.
 .
       The PostgreSQL Project thanks Xint Code, Bruce Dang, Sven Klemm, and
       Pavel Kohout for reporting these problems. (CVE-2026-6473)
 .
     + Reject over-length options in ts_headline() (Michael Paquier)
 .
       The StartSel, StopSel and FragmentDelimiter strings must not exceed
       32Kb in length, but this was not checked for. An over-length value
       would typically crash the server.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against malicious time zone names in timeofday() and
       pg_strftime() (Tom Lane)
 .
       A crafted time zone setting could pass % sequences to snprintf(),
       potentially causing crashes or disclosure of server memory. Another
       path to similar results was to overflow the limited-size output
       buffer used by pg_strftime().
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6474)
 .
     + When creating a multirange type, ensure the user has CREATE privilege
       on the schema specified for the multirange type (Jelte Fennema-Nio)
 .
       The multirange type can be put into a different schema than its
       parent range type, but we neglected to apply the required privilege
       check when doing so.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2026-6472)
 .
     + Use timing-safe string comparisons in authentication code
       (Michael Paquier)
 .
       Use timingsafe_bcmp() instead of memcpy() or strcmp() when checking
       passwords, hashes, etc. It is not known whether the data dependency
       of those functions is usefully exploitable in any of these places,
       but in the interests of safety, replace them.
 .
       The PostgreSQL Project thanks Joe Conway for reporting this problem.
       (CVE-2026-6478)
 .
     + Mark PQfn() as unsafe, and avoid using it within libpq
       (Nathan Bossart)
 .
       For a non-integral result type, PQfn() is not passed the size of the
       output buffer, so it cannot check that the data returned by the
       server will fit. A malicious server could therefore overwrite client
       memory. This is unfixable without an API change, so mark the
       function as deprecated. Internally to libpq, use a variant version
       that can apply the missing check.
 .
       The PostgreSQL Project thanks Yu Kunpeng and Martin Heistermann for
       reporting this problem. (CVE-2026-6477)
 .
     + Prevent path traversal in pg_basebackup and pg_rewind
       (Michael Paquier)
 .
       These applications failed to validate output file paths read from
       their input, so that a malicious source could overwrite any file
       writable by these applications. Constrain where data can be written
       by rejecting paths that are absolute or contain parent-directory
       references.
 .
       The PostgreSQL Project thanks XlabAI Team of Tencent Xuanwu Lab and
       Valery Gubanov for reporting this problem. (CVE-2026-6475)
 .
     + Guard against field overflow within contrib/intarray's query_int
       type and contrib/ltree's ltxtquery type (Tom Lane)
 .
       Parsing of these query structures did not check for overflow of
       16-bit fields, so that construction of an invalid query tree was
       possible. This can crash the server when executing the query.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against overly long values of contrib/ltree's lquery type
       (Michael Paquier)
 .
       Values with more than 64K items caused internal overflows,
       potentially resulting in stack smashes or wrong answers.
 .
       The PostgreSQL Project thanks Vergissmeinnicht, A1ex, and Jihe Wang
       for reporting this problem. (CVE-2026-6473)
 .
     + Prevent SQL injection and buffer overruns in contrib/spi
       (Nathan Bossart)
 .
       check_foreign_key() was insufficiently careful about quoting key
       values, and also used fixed-length buffers for constructing queries.
       While this module is only meant as example code, it still shouldn't
       contain such dangerous errors.
 .
       The PostgreSQL Project thanks Nikolay Samokhvalov for reporting this
       problem. (CVE-2026-6637)
Checksums-Sha1:
Checksums-Sha256:
Files:
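The path constraint named in the pg_basebackup/pg_rewind entry above (reject absolute paths and any parent-directory reference), written out as an added C example that is not PostgreSQL's own code. It assumes POSIX '/' separators; `is_safe_relative_path` and the sample paths are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Return true when PATH may be written relative to a target directory:
 * it must be non-empty, must not be absolute, and must not contain a
 * ".." component anywhere. Only '/' is treated as a separator
 * (assumption: POSIX paths). A harmless "." component is allowed.
 */
bool
is_safe_relative_path(const char *path)
{
    const char *p;

    if (path == NULL || *path == '\0')
        return false;           /* nothing to write to */
    if (path[0] == '/')
        return false;           /* absolute path escapes the target dir */

    for (p = path; *p != '\0';)
    {
        size_t len = strcspn(p, "/");   /* length of this component */

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;       /* parent-directory reference */
        p += len;
        if (*p == '/')
            p++;                /* skip separator (also handles "a//b") */
    }
    return true;
}

int
main(void)
{
    /* constructed sample paths as a source might send them */
    const char *samples[] = {
        "base/16384/1249",      /* accepted: plain relative path */
        "./pg_wal/segment",     /* accepted: "." is harmless */
        "/tmp/outside",         /* rejected: absolute */
        "../outside",           /* rejected: leading ".." */
        "base/../outside",      /* rejected: ".." in the middle */
        "base/..hidden",        /* accepted: not a ".." component */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s %s\n", samples[i],
               is_safe_relative_path(samples[i]) ? "accept" : "reject");
    return 0;
}
```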