-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6385-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : pgextwlist CVE ID : CVE-2023-39417 Guillaume Winter discovered that pgextwlist, an extension for PostgreSQL implementing a whitelist mechanism for PostgreSQL extensions, was susceptible to SQL injection via crafted schema and user names. For the stable distribution (trixie), this problem has been fixed in version 1.19-1+deb13u1. We recommend that you upgrade your pgextwlist packages. For the detailed security status of pgextwlist please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pgextwlist Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmpOwBsACgkQEMKTtsN8 TjbxQw/+ItKwKR7JmC9HMM2xX4dsLHIyU/vCv2cIoX/q9vZl5Dmc1lkGJ8kWLxaw Wmwpz8naS1sjaPQ2dw+LVQBXLlVLgt9QFBMWPmRVr4OCdk/qOkO5OEntWlULKW+v y/49X6cCvVS68D1h78EASZexcCXBiStKNn8MM5lNzyTtDYWCFCdJo6B4gjkqvBAh nTTsVNRWe6d6BMo79ybGolOK0Bg2pmU7omdeWdHeHMvVHkxGFCHpLD+j2kMk3b3A vW+wNQ0nC9llDz4fRTi9Y+Btl9ZB8+PA+yeZOrVe9q+jQNAwGP+2tfmaLhzIRqN2 ETXxuuUczB2fI82MD76+TYKrrMEefN7Crg/4Ba+TsFd9qjtmTIbeIWLpgbdGqHZM R/Cy9bPdf/kU7D32cy+4gBlG9coRb40Qr1BOWUCP+cafrZo6GbQtWn4bIFFU5fpB aZPIcp3MqZ+GH+rvbt9mVfBwXdbgw/4IuYo6ghzPm7xye/e1e/ICsIlj0feSFbcM hb+aHJZoxUhVLK+3T8v+yhIAeGtrui3KAPsXLUzq46zGDR+mS+0BcPn5E4ngNGLR hVLLvhiJP43JO5M9H87f/tGHlfMBWR7LPiGU980L8Fk1UQKEdDumYo36h+0UhAK6 tcWVEsLPTTSGEaaapDmM9sGqvoywLGgZNq3BUM/UjRHwii3nGMw= =xlH3 -----END PGP SIGNATURE-----

