Bug#382607: further info on CVE-2006-4041

2006-08-19 Thread sean finney
On Sat, Aug 19, 2006 at 05:34:35PM +0200, Martin Schulze wrote:
> I wonder if this problem relates to updates in the PostgreSQL server
> to fix quoting issues, i.e. see:
> http://lists.debian.org/debian-release/2006/06/msg00024.html

my *guess* is that this is the case. i'll send an email to upstr

Bug#382607: further info on CVE-2006-4041

2006-08-19 Thread Martin Schulze
sean finney wrote:
> executive summary for security team: not escaping query strings
> can possibly result in SQL injection for apps that use pike+postgresql.
>
> i've developed a patch which cleanly applies to both the 7.2 and 7.6
> branches that exist in sarge. however, looking more closely at

Bug#382607: further info on CVE-2006-4041

2006-08-19 Thread sean finney
tags 382607 patch
clone 382607 -1
reassign -1 pike7.6
found -1 7.6.24
notfound -1 7.6.87
thanks

(some bts-fu to reflect the bug exists in both versions of pike)

executive summary for security team: not escaping query strings can possibly result in SQL injection for apps that use pike+postgresql.