
Re: Postgresql-related updates



Martin Schulze wrote:
> DSA 1087 introduced a stricter parsing of specially encoded data
> streams in postgresql.  Martin Pitt pointed out that psycopg and
> python-pgsql still use \' for '-encoding instead of '' which is the
> only accepted encoding after installing this security update.
> 
> Hence, both packages should probably be updated in the next point
> release so that their valid encoding of an invalidly encoded stream
> does not result in a postgresql error but will be accepted.
> 
> Martin Pitt was so kind and provided patches for both packages which
> are linked to in the respective bug reports.  For psycopg this is
> Bug#369230 and for python-pgsql this refers to Bug#369250.

Martin also provided a patch for dovecot in Bug#369359, which would
only apply if the admin allowed ' as part of the username (which is
turned off by default).  I don't think this warrants an update to
sarge, but I'm not the one to decide, so here's the information for
you to judge.

Regards,

	Joey

-- 
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.
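
The two quote encodings discussed in the quoted mail, plus a small scanner that flags \' inside string literals so a client library's quoting output can be regression-checked. This is an added example, not part of the original mail and not code from psycopg, python-pgsql or dovecot; all function names are hypothetical, and it assumes backslash still acts as an escape character inside literals.

```python
# Added illustration: hypothetical helpers, not code from psycopg or python-pgsql.
# Assumption: backslash is still an escape character inside '...' literals.

def quote_backslash(value):
    """Style the mail says is now rejected: ' is written as \\'."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def quote_doubled(value):
    """Style the mail says is still accepted: ' is written as ''."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def find_backslash_quotes(sql):
    """Return offsets of every \\' found inside a string literal of `sql`.

    Simplified scanner: knows only '...' literals, backslash escapes and
    doubled quotes (no comments or other literal forms).
    """
    hits, in_literal, i = [], False, 0
    while i < len(sql):
        ch = sql[i]
        nxt = sql[i + 1] if i + 1 < len(sql) else ""
        if not in_literal:
            in_literal = ch == "'"
            i += 1
        elif ch == "\\":
            if nxt == "'":
                hits.append(i)
            i += 2                    # skip the escaped character
        elif ch == "'" and nxt == "'":
            i += 2                    # doubled quote stays inside the literal
        elif ch == "'":
            in_literal = False
            i += 1
        else:
            i += 1
    return hits


if __name__ == "__main__":
    name = "O'Reilly"                 # constructed sample value
    for quote in (quote_backslash, quote_doubled):
        stmt = "SELECT * FROM users WHERE name = " + quote(name)
        print(quote.__name__, stmt, find_backslash_quotes(stmt))
```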


