-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 3 Jun 2006 01:27:11 +1000 Source: python-pgsql Binary: python-pgsql python2.4-pgsql python2.3-pgsql Architecture: source all i386 Version: 2.4.0-8 Distribution: unstable Urgency: high Maintainer: Ben Burton <bab@debian.org> Changed-By: Ben Burton <bab@debian.org> Description: python-pgsql - A Python DB-API 2.0 interface to PostgreSQL v7.x python2.3-pgsql - A Python DB-API 2.0 interface to PostgreSQL v7.x python2.4-pgsql - A Python DB-API 2.0 interface to PostgreSQL v7.x Closes: 369250 Changes: python-pgsql (2.4.0-8) unstable; urgency=high . * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. Files: 534b72623a49e7f030cc803d1ed994ce 670 python optional python-pgsql_2.4.0-8.dsc 7922ffba11e99fb3b08113048275a363 14055 python optional python-pgsql_2.4.0-8.diff.gz 5b8bce414243db6666467a94cb63fdfc 17858 python optional python-pgsql_2.4.0-8_all.deb 4fa58b6e5df0c76f1beb98aea9a97eaf 144786 python optional python2.3-pgsql_2.4.0-8_i386.deb 0ea9ef3a5ade7b868f8cdd0468180dbf 144168 python optional python2.4-pgsql_2.4.0-8_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEgFlSMQNuxza4YcERAhUpAJ9nlpXP52U5AAoORtJHmogyFZatzACgn5Zc jaiOymx3OHknQb7UrGwrtQY= =iRVK -----END PGP SIGNATURE----- Accepted: python-pgsql_2.4.0-8.diff.gz to pool/main/p/python-pgsql/python-pgsql_2.4.0-8.diff.gz python-pgsql_2.4.0-8.dsc to pool/main/p/python-pgsql/python-pgsql_2.4.0-8.dsc python-pgsql_2.4.0-8_all.deb to pool/main/p/python-pgsql/python-pgsql_2.4.0-8_all.deb python2.3-pgsql_2.4.0-8_i386.deb to pool/main/p/python-pgsql/python2.3-pgsql_2.4.0-8_i386.deb python2.4-pgsql_2.4.0-8_i386.deb to pool/main/p/python-pgsql/python2.4-pgsql_2.4.0-8_i386.deb