-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2026 12:51:10 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: s390x
Version: 15.18-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai) <buildd_s390x-zandonai@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.18-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.18.
 .
     + Prevent unbounded recursion while processing startup packets
       (Michael Paquier)
 .
       A malicious client could crash the connected backend by alternating
       rejected SSL and GSS encryption requests indefinitely.
 .
       The PostgreSQL Project thanks Calif.io (in collaboration with Claude and
       Anthropic Research) for reporting this problem. (CVE-2026-6479)
 .
     + Fix assorted integer overflows in memory-allocation calculations
       (Tom Lane, Nathan Bossart, Heikki Linnakangas)
 .
       Various places were incautious about the possibility of integer overflow
       in calculations of how much memory to allocate.  Overflow would lead to
       allocating a too-small buffer which the caller would then write past the
       end of.  This would at least trigger server crashes, and probably could
       be exploited for arbitrary code execution.  In many but by no means all
       cases, the hazard exists only in 32-bit builds.
 .
       The PostgreSQL Project thanks Xint Code, Bruce Dang, Sven Klemm, and
       Pavel Kohout for reporting these problems. (CVE-2026-6473)
 .
     + Reject over-length options in ts_headline() (Michael Paquier)
 .
       The StartSel, StopSel and FragmentDelimiter strings must not exceed 32Kb
       in length, but this was not checked for.  An over-length value would
       typically crash the server.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against malicious time zone names in timeofday() and pg_strftime()
       (Tom Lane)
 .
       A crafted time zone setting could pass % sequences to snprintf(),
       potentially causing crashes or disclosure of server memory.  Another
       path to similar results was to overflow the limited-size output buffer
       used by pg_strftime().
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6474)
 .
     + When creating a multirange type, ensure the user has CREATE privilege on
       the schema specified for the multirange type (Jelte Fennema-Nio)
 .
       The multirange type can be put into a different schema than its parent
       range type, but we neglected to apply the required privilege check when
       doing so.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2026-6472)
 .
     + Use timing-safe string comparisons in authentication code
       (Michael Paquier)
 .
       Use timingsafe_bcmp() instead of memcmp() or strcmp() when checking
       passwords, hashes, etc.  It is not known whether the data dependency of
       those functions is usefully exploitable in any of these places, but in
       the interests of safety, replace them.
 .
       The PostgreSQL Project thanks Joe Conway for reporting this problem.
       (CVE-2026-6478)
 .
     + Mark PQfn() as unsafe, and avoid using it within libpq (Nathan Bossart)
 .
       For a non-integral result type, PQfn() is not passed the size of the
       output buffer, so it cannot check that the data returned by the server
       will fit.  A malicious server could therefore overwrite client memory.
       This is unfixable without an API change, so mark the function as
       deprecated.  Internally to libpq, use a variant version that can apply
       the missing check.
 .
       The PostgreSQL Project thanks Yu Kunpeng and Martin Heistermann for
       reporting this problem. (CVE-2026-6477)
 .
     + Prevent path traversal in pg_basebackup and pg_rewind (Michael Paquier)
 .
       These applications failed to validate output file paths read from their
       input, so that a malicious source could overwrite any file writable by
       these applications.  Constrain where data can be written by rejecting
       paths that are absolute or contain parent-directory references.
 .
       The PostgreSQL Project thanks XlabAI Team of Tencent Xuanwu Lab and
       Valery Gubanov for reporting this problem. (CVE-2026-6475)
 .
     + Guard against field overflow within contrib/intarray's query_int type
       and contrib/ltree's ltxtquery type (Tom Lane)
 .
       Parsing of these query structures did not check for overflow of 16-bit
       fields, so that construction of an invalid query tree was possible.
       This can crash the server when executing the query.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against overly long values of contrib/ltree's lquery type
       (Michael Paquier)
 .
       Values with more than 64K items caused internal overflows, potentially
       resulting in stack smashes or wrong answers.
 .
       The PostgreSQL Project thanks Vergissmeinnicht, A1ex, and Jihe Wang for
       reporting this problem. (CVE-2026-6473)
 .
     + Prevent SQL injection and buffer overruns in contrib/spi
       (Nathan Bossart)
 .
       check_foreign_key() was insufficiently careful about quoting key values,
       and also used fixed-length buffers for constructing queries.  While this
       module is only meant as example code, it still shouldn't contain such
       dangerous errors.
 .
       The PostgreSQL Project thanks Nikolay Samokhvalov for reporting this
       problem. (CVE-2026-6637)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
