ELA-1414-1 postgresql-9.6 security update

SQL injection

2025-05-02
Package postgresql-9.6
Version 9.6.24-0+deb9u9 (stretch)
Related CVEs CVE-2025-1094


PostgreSQL, a popular database, was affected by a vulnerability.

Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns.



For Debian 9 stretch, this problem has been fixed in version 9.6.24-0+deb9u9.

We recommend that you upgrade your postgresql-9.6 packages.
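
To audit hosts against the fixed version, the following added example (not part of the advisory) flags installations older than 9.6.24-0+deb9u9 by reimplementing Debian's version ordering as dpkg applies it. The inventory format, the hostnames and the non-fixed sample versions are constructed for illustration.

```python
import re

FIXED = "9.6.24-0+deb9u9"   # fixed version stated in the advisory
PACKAGE = "postgresql-9.6"  # package named in the advisory

def _order(c):
    """dpkg sort weight: '~' first, then end-of-string or digit, letters, other characters."""
    if c in ("", "~") or c.isdigit():
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])  # non-digit run, char by char
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        na, nb = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(na or 0) != int(nb or 0):  # digit run compares numerically: u10 > u9
            return -1 if int(na or 0) < int(nb or 0) else 1
        i, j = i + len(na), j + len(nb)
    return 0

def _split(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare_versions(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched_hosts(inventory):
    """Inventory lines are '<host> <package> <version>'; return hosts below FIXED."""
    rows = [line.split() for line in inventory.splitlines() if line.strip()]
    return [host for host, pkg, ver in rows if pkg == PACKAGE and compare_versions(ver, FIXED) < 0]

# Constructed sample inventory (hostnames and non-fixed versions are made up).
SAMPLE = """db01 postgresql-9.6 9.6.24-0+deb9u8
db02 postgresql-9.6 9.6.24-0+deb9u9
db03 postgresql-9.6 9.6.24-0+deb9u10
db04 postgresql-9.6 9.6.22-0+deb9u1"""
```

A plain string comparison would wrongly rank `deb9u10` below `deb9u9`; the digit-run handling is what keeps db03 off the unpatched list.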

Further information about Extended LTS security advisories can be found in the dedicated section of our website.