Debian Security Advisory

DSA-5136-1 postgresql-13 -- security update

Date Reported:
12 May 2022
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2022-1552.
More information:

Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the "security-restricted operation" sandbox.

For additional information please refer to the upstream announcement at

For the stable distribution (bullseye), this problem has been fixed in version 13.7-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to its security tracker page at: