Errata overview
Errata ID 650
Date 2020-03-11
Source package postgresql-9.6
Fixed in version 9.6.17-0+deb9u1
This updates PostreSQL to version 9.6.17, which among others addresses the
following security issue:
* Add missing permissions checks for `ALTER ... DEPENDS ON EXTENSION`.
  Marking an object as dependent on an extension did not have any privilege
  check whatsoever. This oversight allowed any user to mark routines,
  triggers, materialized views, or indexes as droppable by anyone able to
  drop an extension. Require that the calling user own the specified object
  (and hence have privilege to drop it). (CVE-2020-1720)
Additional notes
CVE ID CVE-2020-1720
UCS Bug number #50914