[SECURITY] [DLA 4052-2] postgresql-13 regression update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4052-2 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
February 21, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : postgresql-13
Version : 13.20-0+deb11u1
CVE ID : CVE-2025-1094

The fix for CVE-2025-1094 included an error that caused the
PQescapeLiteral and PQescapeIdentifier functions to ignore their
length parameter and read until the terminating null byte instead.
That could cause unintended characters to be included in the output,
or worse, buffer overflows.
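
A simplified model of the regression described above, added here as an illustration; it is not libpq source code and not part of the advisory. The names escape_bounded, escape_regressed and honours_length are hypothetical, quoting is reduced to single-quote doubling, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type mirroring the (str, length) contract: an escaper
 * may read at most the first len bytes of str. */
typedef char *(*escape_fn)(const char *str, size_t len);

/* Shared quoting step: wrap n bytes in single quotes, double any quote. */
static char *quote_n(const char *s, size_t n) {
    char *out = malloc(2 * n + 3), *p = out;   /* worst case: all quotes */
    if (!out) return NULL;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\'') *p++ = '\'';
        *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Intended behaviour: stop at len, or at a null byte found before len. */
static char *escape_bounded(const char *s, size_t len) {
    size_t n = 0;
    while (n < len && s[n] != '\0') n++;
    return quote_n(s, n);
}

/* Model of the defect: len is ignored and the input is read up to the
 * terminating null byte. On a buffer with no terminator this reads out
 * of bounds, which is the overflow risk the advisory mentions. */
static char *escape_regressed(const char *s, size_t len) {
    (void)len;
    return quote_n(s, strlen(s));
}

/* Regression check: returns 1 if fn used only the first 5 bytes. */
int honours_length(escape_fn fn) {
    /* Constructed input: the caller's field is "alice"; the bytes after
     * it stand in for adjacent data in the same buffer. */
    static const char buf[] = "alice|bob|carol";
    char *got = fn(buf, 5);
    int ok = got != NULL && strcmp(got, "'alice'") == 0;
    free(got);
    return ok;
}

int main(void) {
    printf("bounded:   %d\n", honours_length(escape_bounded));
    printf("regressed: %d\n", honours_length(escape_regressed));
    return 0;
}
```

The same check can be pointed at a wrapper around the real function on a live connection to confirm that an installed libpq honours the length argument.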

For Debian 11 bullseye, this problem has been fixed in version
13.20-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-13

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS