PG Bug reporting form <noreply@postgresql.org> writes:
> Just wanted to give an update, I'm not sure if it's mentioned anywhere on
> the website. The PostgreSQl version 13.7 is also vuln to the
> CVE-2019-9193.
> The CVE states only In PostgreSQL 9.3 through 11.2.
Please see
https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/
That CVE is erroneous in full, and so the fact that it also misstates
relevant versions is hardly surprising.
regards, tom lane