[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Updated postgresql-8.1 (8.1.4) backport?

There's been a security update to Pg 8.1 and I was wondering if we could get that into backports?

I know that normally they come from testing and not unstable now but this is a kind of ugly injection vulnerability. Basically it has to do with multibyte character sets and the \ and ' ASCII equivalent bytes being in the upper byte of the multibyte character causing escaping to fail since it's looking at multibyte chars but the Pg backend may see it as a valid non-multibyte character.

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

Reply to: