[Secure-testing-team] postgresql CVE-2006-2314: track all packages
that need to be changed?
Stefan Fritsch
sf at sfritsch.de
Mon May 29 18:23:33 UTC 2006
Hi,
do we need to track all postgres-using packages that need to be
changed for CVE-2006-2314? AIUI programs that use the old encoding
simply don't work with the fixed versions of postgres. Or can this be
exploited for SQL injection?
e.g. postfix 2.2.10-2:
* Fix postgresql escaping function. See CVE-2006-2314.
Closes: #369349
Cheers,
Stefan
More information about the Secure-testing-team
mailing list