security advisorySQL Injectionupdate
Guillaume Winter discovered that pgextwlist, an extension for PostgreSQL implementing a whitelist mechanism for PostgreSQL extensions, was susceptible to SQL injection via crafted schema and user names. For the stable distribution (trixie), this problem has been fixed in version 1.19-1+deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6385-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pgextwlist CVE ID : CVE-2023-39417 Guillaume Winter discovered that pgextwlist, an extension for PostgreSQL implementing a whitelist mechanism for PostgreSQL extensions, was susceptible to SQL injection via crafted schema and user names. For the stable distribution (trixie), this problem has been fixed in version 1.19-1+deb13u1. We recommend that you upgrade your pgextwlist packages. For the detailed security status of pgextwlist please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pgextwlist Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Upgrade pgextwlist to fix SQL injection issue affecting PostgreSQL extensions in Debian distribution.. PostgreSQL Security, Debian Advisory, SQL Injection Risk, pgextwlist Update, Cybersecurity Practices. . LinuxSecurity.com Team
Jul 08, 2026
Debian