Debian LTS: DLA-3764-1: postgresql-11 security update
In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands.