Package: python-pgsql
Version: 2.4.0-7
Severity: important
Tags: security, patch

Hi!

Recently, a security hole has been discovered in PostgreSQL client applications, see

http://www.postgresql.org/docs/techdocs.50

for details. In short, using \' for quote escaping is insecure and now not allowed any more in some encodings which are prone to this SQL injection attack.

Quotes in python-pgsql are escaped with \'. This patch fixes that to use '':

http://patches.ubuntu.com/patches/python-pgsql.CVE-2006-2314.diff

Please mention the CVE number in the changelog when you fix this.

Thanks,

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

