-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Feb 2026 11:50:28 +0100
Source: postgresql-15
Binary: postgresql-doc-15
Architecture: all
Version: 15.16-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Christoph Berg
Description:
 postgresql-doc-15 - documentation for the PostgreSQL database management system
Changes:
 postgresql-15 (15.16-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.16.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations. Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type. Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud, for
       reporting this problem. (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has
       been stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem. (CVE-2026-2006)
Checksums-Sha1:
 30e7fc5f0699f1236fc1b88f058b7ee094199b41 10688 postgresql-15_15.16-0+deb12u1_all-buildd.buildinfo
 f27169c00a44562e0a5ad1b394ab38f258e24f91 2088496 postgresql-doc-15_15.16-0+deb12u1_all.deb
Checksums-Sha256:
 8f17998ec714841ec25418309c88b2d8c4a2f6849bc07d07359bad38f6210621 10688 postgresql-15_15.16-0+deb12u1_all-buildd.buildinfo
 93737e4e6bcb10f3a9ae6c5fa12f3f92eb486210519bb14039ec78591f6899ef 2088496 postgresql-doc-15_15.16-0+deb12u1_all.deb
Files:
 0517bd3b11c745518a29709e11b9af0a 10688 database optional postgresql-15_15.16-0+deb12u1_all-buildd.buildinfo
 86673357e547580894d5e5fbf484eadd 2088496 doc optional postgresql-doc-15_15.16-0+deb12u1_all.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----