-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Feb 2026 11:26:19 +0100
Source: postgresql-17
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17 postgresql-pltcl-17-dbgsym postgresql-server-dev-17 postgresql-server-dev-17-dbgsym
Architecture: arm64
Version: 17.8-0+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 17
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-17 - The World's Most Advanced Open Source Relational Database
 postgresql-client-17 - front-end programs for PostgreSQL 17
 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17
 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17
 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17
 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming
Changes:
 postgresql-17 (17.8-0+deb13u1) trixie-security; urgency=medium
 .
   * New upstream version 17.8.
 .
     + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane)
 .
       These data types are expected to be 1-dimensional arrays containing no
       nulls, but there are cast pathways that permit violating those
       expectations.  Add checks to some functions that were depending on those
       expectations without verifying them, and could misbehave in consequence.
 .
       The PostgreSQL Project thanks Altan Birler for reporting this problem.
       (CVE-2026-2003)
 .
     + Harden selectivity estimators against being attached to operators that
       accept unexpected data types (Tom Lane)
 .
       contrib/intarray contained a selectivity estimation function that could
       be abused for arbitrary code execution, because it did not check that
       its input was of the expected data type.  Third-party extensions should
       check for similar hazards and add defenses using the technique intarray
       now uses. Since such extension fixes will take time, we now require
       superuser privilege to attach a non-built-in selectivity estimator to an
       operator.
 .
       The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2004)
 .
     + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions
       (Michael Paquier)
 .
       Decrypting a crafted message with an overlength session key caused a
       buffer overrun, with consequences as bad as arbitrary code execution.
 .
       The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud,
       for reporting this problem. (CVE-2026-2005)
 .
     + Fix inadequate validation of multibyte character lengths
       (Thomas Munro, Noah Misch)
 .
       Assorted bugs allowed an attacker able to issue crafted SQL to overrun
       string buffers, with consequences as bad as arbitrary code execution.
       After these fixes, applications may observe invalid byte sequence for
       encoding errors when string functions process invalid text that has been
       stored in the database.
 .
       The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of
       zeroday.cloud, for reporting this problem. (CVE-2026-2006)
Checksums-Sha1:
 f350875343df1bb92a3ddf369d6a22f08e4a4334 16980 libecpg-compat3-dbgsym_17.8-0+deb13u1_arm64.deb
 91a1d849f14e03cb6120214bc843a0a5d1daba55 17608 libecpg-compat3_17.8-0+deb13u1_arm64.deb
 50606feaa39ee49119835e8339e4684da1cca678 268688 libecpg-dev-dbgsym_17.8-0+deb13u1_arm64.deb
 673ac0099472d826cbed38b2dd32f4316c134fff 285716 libecpg-dev_17.8-0+deb13u1_arm64.deb
 b0a525e6517650ab1dd6868b251d1410d334cd68 114876 libecpg6-dbgsym_17.8-0+deb13u1_arm64.deb
 aaa6f09ff30cf340ae192f16247d1c5e2ca1cbd6 60176 libecpg6_17.8-0+deb13u1_arm64.deb
 f3943a29ce347ac9e175947617c85156ac8d9263 89340 libpgtypes3-dbgsym_17.8-0+deb13u1_arm64.deb
 ee10f82e981d88b29a0449c7a8930fb0a80d63c4 43936 libpgtypes3_17.8-0+deb13u1_arm64.deb
 ed100f3a3b6beb5a8e8d9a984da0b0a89567c3f2 148744 libpq-dev_17.8-0+deb13u1_arm64.deb
 1d262a57134bb9cfa2a4c7de9896643292980b47 297180 libpq5-dbgsym_17.8-0+deb13u1_arm64.deb
 a486770cd23d71f6ee4154ff7775028acdef44e7 220884 libpq5_17.8-0+deb13u1_arm64.deb
 df706ce50fc059a90c18bc5ff37d7ac00a1745ca 19565460 postgresql-17-dbgsym_17.8-0+deb13u1_arm64.deb
 4c60511b5d2a8f50db7703a026da7f3b285b8810 17165 postgresql-17_17.8-0+deb13u1_arm64-buildd.buildinfo
 38c04280a0a391d2cab89563ce9b1dbdcd7c6b52 16063820 postgresql-17_17.8-0+deb13u1_arm64.deb
 21ba7d7f6a8acde4a84549869779bd2489f05f9a 3020284 postgresql-client-17-dbgsym_17.8-0+deb13u1_arm64.deb
 7897a2025d07df830aa4a41c5fd45e5a2e50bd9b 1993312 postgresql-client-17_17.8-0+deb13u1_arm64.deb
 656a0297ec5fc4dfee936588548cccf0dd0c09c9 198292 postgresql-plperl-17-dbgsym_17.8-0+deb13u1_arm64.deb
 f0fa45870633547a0b0a7446233736ac104355f4 82904 postgresql-plperl-17_17.8-0+deb13u1_arm64.deb
 e4d728cb2b20a613a136889842261e415157a02c 201096 postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_arm64.deb
 addcab9b02bb3053575468b1292966c6b8ac56d1 107240 postgresql-plpython3-17_17.8-0+deb13u1_arm64.deb
 c5526685c82d9f0486338241c6919a6fd1e429a4 84564 postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_arm64.deb
 634190ce2ac05c4d342067405627bcd5367a6aee 41928 postgresql-pltcl-17_17.8-0+deb13u1_arm64.deb
 538bde700f0f0e435b3f3617e2de35a9de436897 56556 postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_arm64.deb
 b8722138db3f36cc64d240a7699df2098eab722c 1311844 postgresql-server-dev-17_17.8-0+deb13u1_arm64.deb
Checksums-Sha256:
 fdbce037ba27127773acee6bae001e5949ef6a2a6046a73eb24e44fd695a4af0 16980 libecpg-compat3-dbgsym_17.8-0+deb13u1_arm64.deb
 939495833a2605d0832e7a0f6072d50203068d7575932d39f464844071e4d9de 17608 libecpg-compat3_17.8-0+deb13u1_arm64.deb
 8b1ece4b8e535a25b7e79748fa553c835e528b016e414bdd4b66b85e109e246b 268688 libecpg-dev-dbgsym_17.8-0+deb13u1_arm64.deb
 e8c58a9df7da71d178da3b6f2555f8ad17475d5ad08288ae5995c355777b82cb 285716 libecpg-dev_17.8-0+deb13u1_arm64.deb
 67aa6a1b714853390b8c5eddc4b76ea209163c2d148569399bf709e8bf5c5fbb 114876 libecpg6-dbgsym_17.8-0+deb13u1_arm64.deb
 792c4b7b066f71509ed1f391786261e975f74cc949515d1efebe60599155a27a 60176 libecpg6_17.8-0+deb13u1_arm64.deb
 3bef95adc0b42c6bf080f8b9ef5a39f87ffaef2051c7059142fb8725b5a2e8c9 89340 libpgtypes3-dbgsym_17.8-0+deb13u1_arm64.deb
 2d341c96185900b64ead5ae1ef098d3ad9b6e518839998318230c7dfdd1ae85c 43936 libpgtypes3_17.8-0+deb13u1_arm64.deb
 add784ec3144a7587ea62c1492c60377d2741c3abf63bb8e8adaaa437d3212c7 148744 libpq-dev_17.8-0+deb13u1_arm64.deb
 cd037c850bf491f8c249450b8cf67fb188818c6825dbddce368b311966071a9d 297180 libpq5-dbgsym_17.8-0+deb13u1_arm64.deb
 207cc605815243fb61bb4217027f68bf16da2db38ba92612fc3f67df0d532869 220884 libpq5_17.8-0+deb13u1_arm64.deb
 d2e33e39af7e4e9e26b88a925d8d760a101c16bc0df73f5499856400b37ce476 19565460 postgresql-17-dbgsym_17.8-0+deb13u1_arm64.deb
 c7964faeab432fb828e7b793f0b6ae0bf3df070eb0d922e9777dc7bf2c6c7de7 17165 postgresql-17_17.8-0+deb13u1_arm64-buildd.buildinfo
 e27c7112bb79660ca38b6355d4731028124cc5c16bc309b20cbc45e8e16197a8 16063820 postgresql-17_17.8-0+deb13u1_arm64.deb
 4c967abebbbdf626006fc366a6407a8fad51dd9fe503d8c7b1afb2995ffc531b 3020284 postgresql-client-17-dbgsym_17.8-0+deb13u1_arm64.deb
 764786127103bd53777ff4925ae6acc6cb78243c112ce31cf3358457a74f2d6a 1993312 postgresql-client-17_17.8-0+deb13u1_arm64.deb
 f90df1e3d438bd3b5ee021b31a353a2e7ad72077c57fe088e21207cabfb73e84 198292 postgresql-plperl-17-dbgsym_17.8-0+deb13u1_arm64.deb
 04bc9824b8eb2d33b138fdd8635d220e09aed3bee79bc8d596251de27e748df9 82904 postgresql-plperl-17_17.8-0+deb13u1_arm64.deb
 250d6bd4fb8648e5665195f2e29210240c008c23043b6e71f997c607aa8f4d55 201096 postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_arm64.deb
 9ea97f2df3114e4728a7e9388113785585084df894da936c2683e412e238fcd1 107240 postgresql-plpython3-17_17.8-0+deb13u1_arm64.deb
 abe3c80f139e92f79c726b092f798b3aa5129e18144d5a6227bfe3ffe66ba8bf 84564 postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_arm64.deb
 12279af815a32a1843fef6742aa12f09c03c3de19fb6d60a02103cdc098d66f7 41928 postgresql-pltcl-17_17.8-0+deb13u1_arm64.deb
 1c65f33328c036fb3202b44a68b54335afabe5616acd5de498ff5c9baf422d94 56556 postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_arm64.deb
 5b92499a7851ad6b0bb67b8c8e586568eb380dde6b36d8f28d0949cd3e16ad84 1311844 postgresql-server-dev-17_17.8-0+deb13u1_arm64.deb
Files:
 538a87cd70b42ddd8a59ed8f99bb4e29 16980 debug optional libecpg-compat3-dbgsym_17.8-0+deb13u1_arm64.deb
 c0da1c366a9e4457f68232aaf1490d31 17608 libs optional libecpg-compat3_17.8-0+deb13u1_arm64.deb
 b580c28bf63604638874c99427de4a38 268688 debug optional libecpg-dev-dbgsym_17.8-0+deb13u1_arm64.deb
 23defd8340bd0ff931262d9a5418dbf9 285716 libdevel optional libecpg-dev_17.8-0+deb13u1_arm64.deb
 cb320465423d5e19b7308fe22de8ed09 114876 debug optional libecpg6-dbgsym_17.8-0+deb13u1_arm64.deb
 2b2d93077fa6e02d564af63c4e202605 60176 libs optional libecpg6_17.8-0+deb13u1_arm64.deb
 1e0b2493215eaabded78d831c774ed4e 89340 debug optional libpgtypes3-dbgsym_17.8-0+deb13u1_arm64.deb
 841ff2e398a30716b656c08ba35fe623 43936 libs optional libpgtypes3_17.8-0+deb13u1_arm64.deb
 613800978b5f5d64f746f7d387123e14 148744 libdevel optional libpq-dev_17.8-0+deb13u1_arm64.deb
 d986bf264d060a7e2279be4ec32414ac 297180 debug optional libpq5-dbgsym_17.8-0+deb13u1_arm64.deb
 1f7d46a9935560a3000f01fc2e15fa9b 220884 libs optional libpq5_17.8-0+deb13u1_arm64.deb
 2abcbccb4c5a878d3f7c64382f0072c7 19565460 debug optional postgresql-17-dbgsym_17.8-0+deb13u1_arm64.deb
 464b26a4da0ace4d2a522ffbf724ed26 17165 database optional postgresql-17_17.8-0+deb13u1_arm64-buildd.buildinfo
 431f2a329567b4c2b52a17bc1dd60a13 16063820 database optional postgresql-17_17.8-0+deb13u1_arm64.deb
 aef7e9d73b852850e74dca79673b532f 3020284 debug optional postgresql-client-17-dbgsym_17.8-0+deb13u1_arm64.deb
 58ad9ab1db022c3cdc0eb949df623ace 1993312 database optional postgresql-client-17_17.8-0+deb13u1_arm64.deb
 fd6bec29bf42bd51043ad1924f8c92e0 198292 debug optional postgresql-plperl-17-dbgsym_17.8-0+deb13u1_arm64.deb
 7bd822f9c53531f2b8fe03e087990e33 82904 database optional postgresql-plperl-17_17.8-0+deb13u1_arm64.deb
 6d214370d0c950eecd5dc317386ceccf 201096 debug optional postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_arm64.deb
 dba594ae5c99ef75f61f815c857a8b02 107240 database optional postgresql-plpython3-17_17.8-0+deb13u1_arm64.deb
 2f95528ca9d52841ddc30a8ddbd1829a 84564 debug optional postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_arm64.deb
 5e85af53057a3117936796c67f3837f5 41928 database optional postgresql-pltcl-17_17.8-0+deb13u1_arm64.deb
 2c43ffebbafb44aa499caf591056bb35 56556 debug optional postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_arm64.deb
 36e073297ee05f734f3a73e0d1345255 1311844 libdevel optional postgresql-server-dev-17_17.8-0+deb13u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmmLX9AACgkQScpU3dYu
lLjEVQ/+LX/OWgqkAsLPBncTF4qFHLN2hNcBeYG/UIvGftIi9BttOqJ1MPjhjrLM
AhksFgjRphEjJV7Jye4kgKHxvlGQtvgPLbkoCCqTl7hGZXJWAbijFPYPyJSASiPl
A70jeCKvdIBSt7PMjDCkoEJ2ETUlC3Q/f+PTPvW9DnOwgGtAvZYnqkZXIKKpb8LH
YIdu16VeXeDiJ5W3TGXneo4AtF8COg+PF4pl8NuSkL4dJGowLqfQ+9i8lY4JUzI2
SoamJERu0Ho/nPi2KUWw3b4zq1gFbyDzUP2tqxrc2GBrBCRoNnRRxZ5GQ57S3rnv
T703mTiPnJBidd8qx99pmOOdg/Z7GYhDFcHWtevKFqAnAA7zFpspt55UBkNN7HaC
fdGABHtorOQQ3YDldK7eWTKmpkuwmZJAjYfjI3gX4ZawHzSxnVGihiMlCIJdW2pO
yrwVsbaJvSlQi8lRcRqaY6ieC2HxEcWtHMo10rdsKzPltmzJO5Lxm441xHMNhmGV
kMeWyEwyTFqV4lpQv+hzRuxtWJNtXwkacaRxmmy77Fu4ujegZkHlfd1Io+0RCqdC
+7C9sLRyH5mmA49KGZ7Va9AMGYCUZhx6Vpx8t+dI9F92pTIzD4QzWCuHDj1YEPPV
FbfivBfOKcLMNFsLGYXS04RSmGhdht0TQ4D4pk87/warLhjJf7M=
=JnN2
-----END PGP SIGNATURE-----