-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 22 May 2006 10:35:58 +0200 Source: postgresql-7.4 Binary: postgresql-plpython-7.4 postgresql-client-7.4 postgresql-7.4 postgresql-contrib-7.4 libpq3 postgresql-doc-7.4 postgresql-plperl-7.4 postgresql-server-dev-7.4 postgresql-pltcl-7.4 Architecture: source i386 all Version: 1:7.4.13-1 Distribution: unstable Urgency: medium Maintainer: Martin Pitt <[EMAIL PROTECTED]> Changed-By: Martin Pitt <[EMAIL PROTECTED]> Description: libpq3 - PostgreSQL C client library postgresql-7.4 - object-relational SQL database, version 7.4 server postgresql-client-7.4 - front-end programs for PostgreSQL 7.4 postgresql-contrib-7.4 - additional facilities for PostgreSQL postgresql-doc-7.4 - documentation for the PostgreSQL database management system postgresql-plperl-7.4 - PL/Perl procedural language for PostgreSQL 7.4 postgresql-plpython-7.4 - PL/Python procedural language for PostgreSQL 7.4 postgresql-pltcl-7.4 - PL/TCL procedural language for PostgreSQL 7.4 postgresql-server-dev-7.4 - development files for PostgreSQL 7.4 server-side programming Changes: postgresql-7.4 (1:7.4.13-1) unstable; urgency=medium . * New upstream security and bug fix release: - The server now rejects invalidly-encoded multibyte characters in all cases to defend against SQL-injection attacks. [CVE-2006-2313] - Reject unsafe uses of \' in string literals (for client encodings that allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A new configuration parameter backslash_quote is available to adjust this behavior when needed. [CVE-2006-2314] - Modify libpq's string-escaping routines to be aware of encoding considerations and standard_conforming_strings This fixes libpq-using applications for the security issues described in CVE-2006-2313 and CVE-2006-2314, and also future-proofs them against the planned changeover to SQL-standard string literal syntax. Applications that use multiple PostgreSQL connections concurrently should migrate to PQescapeStringConn() and PQescapeByteaConn() to ensure that escaping is done correctly for the settings in use in each database connection. Applications that do string escaping "by hand" should be modified to rely on library routines instead. - Various bug fixes, see upstream changelog for details. Files: db9921d1d74f3f2031eed4e56d230a0e 1060 misc optional postgresql-7.4_7.4.13-1.dsc 68f1d09a2c3063de869c209fb5e594a2 9951490 misc optional postgresql-7.4_7.4.13.orig.tar.gz 781d01f3bc0e8901874a8083dfdd1757 28447 misc optional postgresql-7.4_7.4.13-1.diff.gz 17e177c85472197fe305f5b43af82671 1264516 doc optional postgresql-doc-7.4_7.4.13-1_all.deb b08a84171f47c861a2becd347fec6779 515376 libdevel optional postgresql-server-dev-7.4_7.4.13-1_all.deb dd9b23c136365233b209997c6d256bb9 3325368 misc optional postgresql-7.4_7.4.13-1_i386.deb b42a50a0999683313fded771e7b9c0fc 962918 misc optional postgresql-client-7.4_7.4.13-1_i386.deb c8d4e63fcacacfeb6171ebdd28742c04 191434 libs optional libpq3_7.4.13-1_i386.deb 47b02aaa291a9fb848d2e080dbcacd5c 555096 misc optional postgresql-contrib-7.4_7.4.13-1_i386.deb e76ff4aa8031c7e8d64343eaf81e7cdb 114208 misc optional postgresql-plperl-7.4_7.4.13-1_i386.deb 15e455fb32511a259f27e9d945f1c478 116628 misc optional postgresql-plpython-7.4_7.4.13-1_i386.deb e5e85d943952942c04075d97d0cf453a 118614 misc optional postgresql-pltcl-7.4_7.4.13-1_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEcY63DecnbV4Fd/IRAnXpAJ4pcDZFpTlM7BzvdOcaI7sObFeGfwCgs/Ts 3JgS5OSWC5EXRnu5HYfrWII= =SREj -----END PGP SIGNATURE----- Accepted: libpq3_7.4.13-1_i386.deb to pool/main/p/postgresql-7.4/libpq3_7.4.13-1_i386.deb postgresql-7.4_7.4.13-1.diff.gz to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13-1.diff.gz postgresql-7.4_7.4.13-1.dsc to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13-1.dsc postgresql-7.4_7.4.13-1_i386.deb to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13-1_i386.deb postgresql-7.4_7.4.13.orig.tar.gz to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13.orig.tar.gz postgresql-client-7.4_7.4.13-1_i386.deb to pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.13-1_i386.deb postgresql-contrib-7.4_7.4.13-1_i386.deb to pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.13-1_i386.deb postgresql-doc-7.4_7.4.13-1_all.deb to pool/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.13-1_all.deb postgresql-plperl-7.4_7.4.13-1_i386.deb to pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.13-1_i386.deb postgresql-plpython-7.4_7.4.13-1_i386.deb to pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.13-1_i386.deb postgresql-pltcl-7.4_7.4.13-1_i386.deb to pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.13-1_i386.deb postgresql-server-dev-7.4_7.4.13-1_all.deb to pool/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.13-1_all.deb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]