-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 22 May 2006 10:35:58 +0200
Source: postgresql-7.4
Binary: postgresql-plpython-7.4 postgresql-client-7.4 postgresql-7.4
postgresql-contrib-7.4 libpq3 postgresql-doc-7.4 postgresql-plperl-7.4
postgresql-server-dev-7.4 postgresql-pltcl-7.4
Architecture: source i386 all
Version: 1:7.4.13-1
Distribution: unstable
Urgency: medium
Maintainer: Martin Pitt <[EMAIL PROTECTED]>
Changed-By: Martin Pitt <[EMAIL PROTECTED]>
Description:
libpq3 - PostgreSQL C client library
postgresql-7.4 - object-relational SQL database, version 7.4 server
postgresql-client-7.4 - front-end programs for PostgreSQL 7.4
postgresql-contrib-7.4 - additional facilities for PostgreSQL
postgresql-doc-7.4 - documentation for the PostgreSQL database management
system
postgresql-plperl-7.4 - PL/Perl procedural language for PostgreSQL 7.4
postgresql-plpython-7.4 - PL/Python procedural language for PostgreSQL 7.4
postgresql-pltcl-7.4 - PL/TCL procedural language for PostgreSQL 7.4
postgresql-server-dev-7.4 - development files for PostgreSQL 7.4 server-side
programming
Changes:
postgresql-7.4 (1:7.4.13-1) unstable; urgency=medium
.
* New upstream security and bug fix release:
- The server now rejects invalidly-encoded multibyte characters in all
cases to defend against SQL-injection attacks. [CVE-2006-2313]
- Reject unsafe uses of \' in string literals (for client encodings that
allow SQL injection with this, like SJIS, BIG5, GBK, GB18030, or UHC). A
new configuration parameter backslash_quote is available to adjust this
behavior when needed. [CVE-2006-2314]
- Modify libpq's string-escaping routines to be aware of encoding
considerations and standard_conforming_strings
This fixes libpq-using applications for the security issues
described in CVE-2006-2313 and CVE-2006-2314, and also
future-proofs them against the planned changeover to SQL-standard
string literal syntax. Applications that use multiple PostgreSQL
connections concurrently should migrate to PQescapeStringConn() and
PQescapeByteaConn() to ensure that escaping is done correctly for
the settings in use in each database connection. Applications that
do string escaping "by hand" should be modified to rely on library
routines instead.
- Various bug fixes, see upstream changelog for details.
Files:
db9921d1d74f3f2031eed4e56d230a0e 1060 misc optional postgresql-7.4_7.4.13-1.dsc
68f1d09a2c3063de869c209fb5e594a2 9951490 misc optional
postgresql-7.4_7.4.13.orig.tar.gz
781d01f3bc0e8901874a8083dfdd1757 28447 misc optional
postgresql-7.4_7.4.13-1.diff.gz
17e177c85472197fe305f5b43af82671 1264516 doc optional
postgresql-doc-7.4_7.4.13-1_all.deb
b08a84171f47c861a2becd347fec6779 515376 libdevel optional
postgresql-server-dev-7.4_7.4.13-1_all.deb
dd9b23c136365233b209997c6d256bb9 3325368 misc optional
postgresql-7.4_7.4.13-1_i386.deb
b42a50a0999683313fded771e7b9c0fc 962918 misc optional
postgresql-client-7.4_7.4.13-1_i386.deb
c8d4e63fcacacfeb6171ebdd28742c04 191434 libs optional libpq3_7.4.13-1_i386.deb
47b02aaa291a9fb848d2e080dbcacd5c 555096 misc optional
postgresql-contrib-7.4_7.4.13-1_i386.deb
e76ff4aa8031c7e8d64343eaf81e7cdb 114208 misc optional
postgresql-plperl-7.4_7.4.13-1_i386.deb
15e455fb32511a259f27e9d945f1c478 116628 misc optional
postgresql-plpython-7.4_7.4.13-1_i386.deb
e5e85d943952942c04075d97d0cf453a 118614 misc optional
postgresql-pltcl-7.4_7.4.13-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFEcY63DecnbV4Fd/IRAnXpAJ4pcDZFpTlM7BzvdOcaI7sObFeGfwCgs/Ts
3JgS5OSWC5EXRnu5HYfrWII=
=SREj
-----END PGP SIGNATURE-----
Accepted:
libpq3_7.4.13-1_i386.deb
to pool/main/p/postgresql-7.4/libpq3_7.4.13-1_i386.deb
postgresql-7.4_7.4.13-1.diff.gz
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13-1.diff.gz
postgresql-7.4_7.4.13-1.dsc
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13-1.dsc
postgresql-7.4_7.4.13-1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13-1_i386.deb
postgresql-7.4_7.4.13.orig.tar.gz
to pool/main/p/postgresql-7.4/postgresql-7.4_7.4.13.orig.tar.gz
postgresql-client-7.4_7.4.13-1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-client-7.4_7.4.13-1_i386.deb
postgresql-contrib-7.4_7.4.13-1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.13-1_i386.deb
postgresql-doc-7.4_7.4.13-1_all.deb
to pool/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.13-1_all.deb
postgresql-plperl-7.4_7.4.13-1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.13-1_i386.deb
postgresql-plpython-7.4_7.4.13-1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.13-1_i386.deb
postgresql-pltcl-7.4_7.4.13-1_i386.deb
to pool/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.13-1_i386.deb
postgresql-server-dev-7.4_7.4.13-1_all.deb
to pool/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.13-1_all.deb
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
