Marius Bakke <mbakke@fastmail.com> writes:

> This fixes CVE-2019-10129 and CVE-2019-10130.
>
> * gnu/packages/databases.scm (postgresql)[replacement]: New field.
> (postgresql-10.8): New variable.

I almost forgot this patch.

Pushed in a52c807a393ae0a9b59918a4f451c9e59ff7ec0e.