Guillaume Winter discovered that pgextwlist, an extension for PostgreSQL implementing a whitelist mechanism for PostgreSQL extensions, was susceptible to SQL injection via crafted schema and user names.
https://security-tracker.debian.org/tracker/DSA-6385-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-6385-1
Continue reading...

