Package | postgresql-11 |
---|---|
Version | 11.22-0+deb10u5 (buster) |
Related CVEs | CVE-2025-1094 |

PostgreSQL, a popular database, was affected by a vulnerability.
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns.
For Debian 10 buster, this problem has been fixed in version 11.22-0+deb10u5.
We recommend that you upgrade your postgresql-11 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.