Debian Linux Security Advisory 1909-1 – It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL’s libpq, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called escape_string_conn() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82024/dsa-1909-1.txt
Source: https://packetstormsecurity.com/files/82024/Debian-Linux-Security-Advisory-1909-1.html