-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 10 Feb 2026 11:26:19 +0100 Source: postgresql-17 Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-17 postgresql-17-dbgsym postgresql-client-17 postgresql-client-17-dbgsym postgresql-plperl-17 postgresql-plperl-17-dbgsym postgresql-plpython3-17 postgresql-plpython3-17-dbgsym postgresql-pltcl-17 postgresql-pltcl-17-dbgsym postgresql-server-dev-17 postgresql-server-dev-17-dbgsym Architecture: armel Version: 17.8-0+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: arm Build Daemon (arm-conova-02) Changed-By: Christoph Berg Description: libecpg-compat3 - older version of run-time library for ECPG programs libecpg-dev - development files for ECPG (Embedded PostgreSQL for C) libecpg6 - run-time library for ECPG programs libpgtypes3 - shared library libpgtypes for PostgreSQL 17 libpq-dev - header files for libpq5 (PostgreSQL library) libpq5 - PostgreSQL C client library postgresql-17 - The World's Most Advanced Open Source Relational Database postgresql-client-17 - front-end programs for PostgreSQL 17 postgresql-plperl-17 - PL/Perl procedural language for PostgreSQL 17 postgresql-plpython3-17 - PL/Python 3 procedural language for PostgreSQL 17 postgresql-pltcl-17 - PL/Tcl procedural language for PostgreSQL 17 postgresql-server-dev-17 - development files for PostgreSQL 17 server-side programming Changes: postgresql-17 (17.8-0+deb13u1) trixie-security; urgency=medium . * New upstream version 17.8. . + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane) . These data types are expected to be 1-dimensional arrays containing no nulls, but there are cast pathways that permit violating those expectations. Add checks to some functions that were depending on those expectations without verifying them, and could misbehave in consequence. . The PostgreSQL Project thanks Altan Birler for reporting this problem. (CVE-2026-2003) . + Harden selectivity estimators against being attached to operators that accept unexpected data types (Tom Lane) . contrib/intarray contained a selectivity estimation function that could be abused for arbitrary code execution, because it did not check that its input was of the expected data type. Third-party extensions should check for similar hazards and add defenses using the technique intarray now uses. Since such extension fixes will take time, we now require superuser privilege to attach a non-built-in selectivity estimator to an operator. . The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2004) . + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions (Michael Paquier) . Decrypting a crafted message with an overlength session key caused a buffer overrun, with consequences as bad as arbitrary code execution. . The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2005) . + Fix inadequate validation of multibyte character lengths (Thomas Munro, Noah Misch) . Assorted bugs allowed an attacker able to issue crafted SQL to overrun string buffers, with consequences as bad as arbitrary code execution. After these fixes, applications may observe invalid byte sequence for encoding errors when string functions process invalid text that has been stored in the database. . The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2006) Checksums-Sha1: b9dcee318bc54a6dcb035fcb80e93842a937fb60 16656 libecpg-compat3-dbgsym_17.8-0+deb13u1_armel.deb 29cf3786e6db7c49c5fa018ddf0c8634939c1d0e 16464 libecpg-compat3_17.8-0+deb13u1_armel.deb 8e324786497a329b4eabc141576d71e74a7b4ad1 248044 libecpg-dev-dbgsym_17.8-0+deb13u1_armel.deb 8cd2d0841c0f9e82219c1d02c2082c02c9bca6cb 282644 libecpg-dev_17.8-0+deb13u1_armel.deb be59c996f3479a3f4121abcc06512152459ee9bb 112724 libecpg6-dbgsym_17.8-0+deb13u1_armel.deb b2d2b588833bef26b7b3409618799248b77bb703 56628 libecpg6_17.8-0+deb13u1_armel.deb 4e900b0f88541b9ed53136c084a255a202c4b536 90764 libpgtypes3-dbgsym_17.8-0+deb13u1_armel.deb 5d5f488a8ad721a86b3a9bafba976a64b1715ba1 42652 libpgtypes3_17.8-0+deb13u1_armel.deb 96bc21ce90c6856cdff22a103f84b1e7d32e2047 139468 libpq-dev_17.8-0+deb13u1_armel.deb e4dbc7c04ba394f2ade4b8422875b494bd592358 291980 libpq5-dbgsym_17.8-0+deb13u1_armel.deb 50b3ff07db4d4ddcc435d1f8fbf19a34fe8efc61 209664 libpq5_17.8-0+deb13u1_armel.deb d1f7f4ec37e8dec8647aeb7add9aa1c1f6b1c42c 18772032 postgresql-17-dbgsym_17.8-0+deb13u1_armel.deb 1046945609151923c497e329e89f69d103233407 17027 postgresql-17_17.8-0+deb13u1_armel-buildd.buildinfo 64f0d8ddf9d08ffb6d1d305ed772685bb8743328 15882832 postgresql-17_17.8-0+deb13u1_armel.deb 63a91a309f412cbdb4465cf2c5793c29e45f4ba1 2750728 postgresql-client-17-dbgsym_17.8-0+deb13u1_armel.deb e5dbd09cbc04da0e9cd58bbe20836fac86cf5cd5 1922444 postgresql-client-17_17.8-0+deb13u1_armel.deb fb649ffa3ab9450b4235301303f48003b322fbb6 196888 postgresql-plperl-17-dbgsym_17.8-0+deb13u1_armel.deb a6a01a45245e2f1dd2a03761dd8cd206c92c97e0 82192 postgresql-plperl-17_17.8-0+deb13u1_armel.deb e099e050ff1da572775ac7e51d19532cdf13be4d 197564 postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_armel.deb 4872a23af66e9c050a464c17009e8ea9adecd612 105316 postgresql-plpython3-17_17.8-0+deb13u1_armel.deb 2005424f4b4e9fa9278e428636d9b4c87b8987fe 82696 postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_armel.deb 76f5c02a9c0c9d8b22ea6fc85373609859bfdd01 40864 postgresql-pltcl-17_17.8-0+deb13u1_armel.deb 90056599d3660b415273736ec4fd3424ce11d754 56392 postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_armel.deb 5779fafa68809bb0d17f38ef150c21d9c6fc9ca9 1301640 postgresql-server-dev-17_17.8-0+deb13u1_armel.deb Checksums-Sha256: 0c3656f7e8c3dd7842efd70fe472589bf2e394684fe6f534c2f8836062fc1f58 16656 libecpg-compat3-dbgsym_17.8-0+deb13u1_armel.deb a4a26de38b5c4e3550dca62ae9e3273d3f329248935f6b7206e08932427611fd 16464 libecpg-compat3_17.8-0+deb13u1_armel.deb 0dcff7aa858395471c42a715381e67ae22c50a97b420a8fc95a3289f4199d124 248044 libecpg-dev-dbgsym_17.8-0+deb13u1_armel.deb 023da52b2d5fd197155e3d0312d08bdb097e0b911bd5a04901b9bb2e47f7d7a4 282644 libecpg-dev_17.8-0+deb13u1_armel.deb e044b757e169a12448448c9d838201a7fecd2c5e86fef98b3e3a18d2c2a65bde 112724 libecpg6-dbgsym_17.8-0+deb13u1_armel.deb 14465ba2ad5a7620e1a7ab8e6b8ea545cfd3511ab0836199accd2927fbbbe050 56628 libecpg6_17.8-0+deb13u1_armel.deb e186b10abfa887b5fd89b256ff51c480ce10fdf7a2d8090ba8c60196a1658a88 90764 libpgtypes3-dbgsym_17.8-0+deb13u1_armel.deb f6eebdbc1769c25bf592819d38d55d99ba38d969c9f37225a0acad061e8efcfb 42652 libpgtypes3_17.8-0+deb13u1_armel.deb 867eee693268353db01e7adf1d0eff4fb9c2ac5af6468008ce7644078d83c51a 139468 libpq-dev_17.8-0+deb13u1_armel.deb f2936abbddf6e0bfd480432a5cdecceed621abc08914dfedb9b708f5c41b8caf 291980 libpq5-dbgsym_17.8-0+deb13u1_armel.deb 0e93c3d4d638e2c3b33eadcc9ef630b091bbb3eae4f216affaa8814c5572a85c 209664 libpq5_17.8-0+deb13u1_armel.deb edf36f9170d227734563a69538140012bfe9fd0593a362cd0828fd49d02312df 18772032 postgresql-17-dbgsym_17.8-0+deb13u1_armel.deb ce7cb21679beae788188fcd388d42cbde72e929beb9160d1dd91f687bb78e194 17027 postgresql-17_17.8-0+deb13u1_armel-buildd.buildinfo a01c92108bcc82d53171fe2b133c90a8cc11f394d315893fb371f519656f92db 15882832 postgresql-17_17.8-0+deb13u1_armel.deb 5d535c5f48c7582829c02d762f05e01a152190730682fdba50754c256fa96740 2750728 postgresql-client-17-dbgsym_17.8-0+deb13u1_armel.deb 64d97f096a1f65a1c03baea73654b8291c4d1cf680ef6559f671bb41b7a5439c 1922444 postgresql-client-17_17.8-0+deb13u1_armel.deb 04deba005bb3b4d88f71c0a91849c825127b2044293d86b5e3c25e1fc5380f81 196888 postgresql-plperl-17-dbgsym_17.8-0+deb13u1_armel.deb 67f89ef00ef58bc81f0178d09fac77a57850182f4270a011737bb9ff0b74f07b 82192 postgresql-plperl-17_17.8-0+deb13u1_armel.deb 4ac71debd95ea73b1b3729e90dfee6018aebc9caa52494b1b163084c7e1a11cf 197564 postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_armel.deb ba31606ff5f0a2a82373d6cce3c62d94a4c595bd4d9e99cee8980aecbd6d057a 105316 postgresql-plpython3-17_17.8-0+deb13u1_armel.deb c610d1219e781c29d28017ae0bbe5d4d00150afb48e4184a75cea1e3c40931cb 82696 postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_armel.deb e46c32c7eb631862c5a25647dd132575c59ddea37415b7acbed759555f9d103b 40864 postgresql-pltcl-17_17.8-0+deb13u1_armel.deb f1d8e06de15103d60d12bbe008fe57119fb535cf16986635116cdd852d8035fb 56392 postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_armel.deb b8867a38791c4ac98bce001ace4592ccdde483a31f3aa47f73c57d8d3ccc077b 1301640 postgresql-server-dev-17_17.8-0+deb13u1_armel.deb Files: 4840798c0103c4fc858268a9a6be436d 16656 debug optional libecpg-compat3-dbgsym_17.8-0+deb13u1_armel.deb 902ab9455c21c8760e4e8fe38a578e3a 16464 libs optional libecpg-compat3_17.8-0+deb13u1_armel.deb 4968d9801f14860693038717a05d1e6c 248044 debug optional libecpg-dev-dbgsym_17.8-0+deb13u1_armel.deb b682fbb33d122cd2e5dc5c88d327da5b 282644 libdevel optional libecpg-dev_17.8-0+deb13u1_armel.deb 6ee8dd1bdc5043edf731464deebc0f3e 112724 debug optional libecpg6-dbgsym_17.8-0+deb13u1_armel.deb 527dba0c75c408c11328fe0dc066b929 56628 libs optional libecpg6_17.8-0+deb13u1_armel.deb 024e663097062b9834c6f695d376ee0f 90764 debug optional libpgtypes3-dbgsym_17.8-0+deb13u1_armel.deb 6a49cbf844b48031b1e0a67c905bd357 42652 libs optional libpgtypes3_17.8-0+deb13u1_armel.deb 099bdc5539b1803a15918ec7983518a8 139468 libdevel optional libpq-dev_17.8-0+deb13u1_armel.deb 986b824ec9b21424ba55d95590a3bd51 291980 debug optional libpq5-dbgsym_17.8-0+deb13u1_armel.deb 2e2d3333cdd3eb4c727104b5814b410a 209664 libs optional libpq5_17.8-0+deb13u1_armel.deb 257dc809f5fd1d975abe5498d1d67ca2 18772032 debug optional postgresql-17-dbgsym_17.8-0+deb13u1_armel.deb 94270859d0cd31a6a503afb67469dad4 17027 database optional postgresql-17_17.8-0+deb13u1_armel-buildd.buildinfo fa97a834d41de2a6b545b4ac1460b5be 15882832 database optional postgresql-17_17.8-0+deb13u1_armel.deb 53163f257dcaf9017248050fd10ea09b 2750728 debug optional postgresql-client-17-dbgsym_17.8-0+deb13u1_armel.deb cf755eaf6e6cc330921f8b702e06f93a 1922444 database optional postgresql-client-17_17.8-0+deb13u1_armel.deb 4e89a9e63a8bcae41df87c5d48824eea 196888 debug optional postgresql-plperl-17-dbgsym_17.8-0+deb13u1_armel.deb 46d925f487c385a650f7ed3c32b8fb83 82192 database optional postgresql-plperl-17_17.8-0+deb13u1_armel.deb 36385b0d161626f6b1fdc0edf6b3c9d5 197564 debug optional postgresql-plpython3-17-dbgsym_17.8-0+deb13u1_armel.deb 900a6498edebafbd3d0d9cde1db618ca 105316 database optional postgresql-plpython3-17_17.8-0+deb13u1_armel.deb fa7097b55e05359a778889da394d7c9a 82696 debug optional postgresql-pltcl-17-dbgsym_17.8-0+deb13u1_armel.deb c85eb837af72894a72f5071d1cfb70cd 40864 database optional postgresql-pltcl-17_17.8-0+deb13u1_armel.deb a2ba9c6d196b2d8a3debb1b00d399e45 56392 debug optional postgresql-server-dev-17-dbgsym_17.8-0+deb13u1_armel.deb 120cbd504aea0ab8ebd53ee6d9d319f6 1301640 libdevel optional postgresql-server-dev-17_17.8-0+deb13u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWHj9K9pO9l4btbD1OQKMdMnEH5MFAmmLZqwACgkQOQKMdMnE H5MDnQ//VWqQlE38hWAGJ5NY+9ikwGBUCZXZm/jC0lG9mlFbNbzGwwnUL4dMkQx1 rIhMaYxf3O3vQ9/WRWEfng/E0CuCqxlKJy5cIjtXvVQW03cHBwrol8AOzaRK/wVm 6bW6mQD64PuoGSx+8eVZ573ZjucftQWxvCF+ub3fnUPn/KNfnAdJjEgPp0Xqio9P OgAn+WCRN+z5vLyXOVf+3bNgIhxH0Mx7dW2NOcc22nsV/LarH6iKoIJ5pIS2F9GM WID3B79VZTLbAe9d6K6ZoUFVDbIGozVx1nlVfwfj5qXhSIVmJcZ3dNOrkSni+nPQ mFe4AH+wy6RGXU5uB+EIbQ45eZHmCQLQi76rMFm15VFuPAIaQn5o6FUF2l/bKnjB KTbgpn8b8vPEjR5k6vmP7NKWeA8B+vxRjtDpb5aHIChsZWLsViaFY9kJ8fOO4N8O pWpMaVtSLoyqocOjy+9tlV+0vjq5RRpStKu7A30mmWa4aZONuNKQdJ/A8OXQHeQA eoQI9rkGiED0xm0LdgPqlEk2/E3sRmL/Xzlxr5thUMuH11coLHVRejxRengijqsQ 2uBaR6st3IVTwnYr4zqYtm+Z2OLsFGTtuwhHlviO2+a7OG6/jnEUUFag8gmcANYE sGlRskTxDQQOn3ugdsIshlQEMWPvOrbyQJIOUz4b4IqwQtYxSPU= =Ey/b -----END PGP SIGNATURE-----