-------------------------------------------------------------------------
Debian LTS Advisory DLA-4052-2                           [email protected]
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
February 21, 2025                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : postgresql-13
Version        : 13.20-0+deb11u1
CVE ID         : CVE-2025-1094

The fix for CVE-2025-1094 included an error that caused the
PQescapeLiteral and PQescapeIdentifier functions to ignore their length
parameter and read until the terminating null byte instead. That could
cause unintended characters to be included in the output or, worse,
buffer overflows.

For Debian 11 bullseye, this problem has been fixed in version
13.20-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-13

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
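
Added example, not part of the advisory and not libpq code: a simplified, hypothetical escaper (escape_literal, honour_len and the sample input are all assumptions) that shows the length contract described above, with the bounded behaviour beside the regressed "read until NUL" behaviour, and a regression check for bytes leaking from beyond the requested length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified escaper (NOT libpq code): wraps the input in
 * single quotes and doubles embedded quotes.
 * honour_len = 1: consume at most len bytes, stopping early at a NUL.
 * honour_len = 0: ignore len and run to the first NUL (the regression). */
static char *escape_literal(const char *src, size_t len, int honour_len)
{
    size_t n = 0;
    /* Test the bound BEFORE touching src[n], so no byte past len is read. */
    while ((!honour_len || n < len) && src[n] != '\0')
        n++;
    char *out = malloc(2 * n + 3); /* every byte doubled + 2 quotes + NUL */
    if (out == NULL)
        return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (src[i] == '\'')
            *p++ = '\'';
        *p++ = src[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Regression check: 1 if bytes beyond len reached the output, else 0. */
static int leaks_past_length(int honour_len)
{
    /* Constructed input: the caller asks for the first 5 bytes only. It is
     * NUL-terminated so the demo stays in bounds; real buffers need not be. */
    const char buf[] = "alice'; SENTINEL";
    char *out = escape_literal(buf, 5, honour_len);
    if (out == NULL)
        return -1;
    int leaked = strstr(out, "SENTINEL") != NULL;
    free(out);
    return leaked;
}

int main(void)
{
    printf("length honoured: leaked=%d\n", leaks_past_length(1));
    printf("length ignored:  leaked=%d\n", leaks_past_length(0));
    return 0;
}
```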
