Hi Christoph Berg has uploaded a version for postgresql-common to address CVE-2017-8806 as well for wheezy. https://lists.debian.org/debian-lts-changes/2017/11/msg00012.html If Christoph prefers to not release the DLA himself, can a LTS team member release the DLA? Moritz's DSA text should help in case needed: https://www.debian.org/security/2017/dsa-4029 Thanks already and regards, Salvatore