Re: Postgresql-related updates
Martin Schulze wrote:
> DSA 1087 introduced a stricter parsing of specially encoded data
> streams in postgresql. Martin Pitt pointed out that psycopg and
> python-pgsql still use \' for '-encoding instead of '' which is the
> only accepted encoding after installing this security update.
> Hence, both packages should probably be updated in the next point
> release so that their valid encoding of an invalidly encoded stream
> does not result in a postgresql error but will be accepted.
> Martin Pitt was so kind and provided patches for both packages which
> are linked to in the respective bug reports. For psycopg this is
> Bug#369230 and for python-pgsql this refers to Bug#369250.
Martin also provided a patch for dovecot in Bug#369359, which would
only apply if the admin allowed ' as part of the username (which is
turned off by default). I don't think this warrants an update to
sarge, but I'm not the one to decide, so here's the information for
you to judge.
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.
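
The two encodings discussed in the mail, as an added example that is not part of the original message, of the linked patches, or of psycopg, python-pgsql or PostgreSQL. The function names and sample values are constructed, and the code assumes the server treats a backslash inside a string literal as an escape character; the scanner is the kind of check one could run over generated queries to find a client that still emits `\'`.

```python
# Added example: constructed helpers, not code from any of the packages named above.

def quote_legacy(value):
    """Client behaviour described in the mail: ' is sent as \\'."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def quote_doubled(value):
    """Quote doubling: ' is sent as ''.

    Backslashes are doubled as well (assumption: the server treats a
    backslash as an escape character inside string literals).
    """
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def backslash_quote_offsets(sql):
    """Return the offsets of every \\' sequence inside a '...' literal.

    Minimal scanner: it tracks only single-quoted literals and ignores
    comments, quoted identifiers and other literal syntaxes.
    """
    hits = []
    in_literal = False
    i = 0
    while i < len(sql):
        ch = sql[i]
        if not in_literal:
            in_literal = (ch == "'")
            i += 1
        elif ch == "\\" and i + 1 < len(sql):
            if sql[i + 1] == "'":
                hits.append(i)      # the encoding that is no longer accepted
            i += 2                  # skip the escaped character
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            i += 2                  # doubled quote: still inside the literal
        elif ch == "'":
            in_literal = False      # closing quote
            i += 1
        else:
            i += 1
    return hits


# Constructed sample values.
SAMPLE_NAME = "O'Brien"
PREFIX = "SELECT id FROM users WHERE name = "
```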