Re: Postgresql-related updates
Martin Schulze wrote:
> DSA 1087 introduced a stricter parsing of specially encoded data
> streams in postgresql. Martin Pitt pointed out that psycopg and
> python-pgsql still use \' for '-encoding instead of '' which is the
> only accepted encoding after installing this security update.
>
> Hence, both packages should probably be updated in the next point
> release so that their valid encoding of an invalidly encoded stream
> does not result in a postgresql error but will be accepted.
>
> Martin Pitt was so kind and provided patches for both packages which
> are linked to in the respective bug reports. For psycopg this is
> Bug#369230 and for python-pgsql this refers to Bug#369250.
Martin also provided a patch for dovecot in Bug#369359, which would
only apply if the admin allowed ' as part of the username (which is
turned off by default). I don't think this warrants an update to
sarge, but I'm not the one to decide, so here's the information for
you to judge.
Regards,
Joey
--
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.