thr3ads.net - Secure testing team - [Secure-testing-team] postgresql CVE-2006-2314: track all packages that need to be changed? [May 2006]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Stefan Fritsch

2006-May-29 18:23 UTC

[Secure-testing-team] postgresql CVE-2006-2314: track all packages that need to be changed?

Hi,

do we need to track all postgres-using packages that need to be 
changed for CVE-2006-2314? AIUI programs that use the old encoding 
simply don''t work with the fixed versions of postgres. Or can this be 
exploited for SQL injection?

e.g. postfix 2.2.10-2:
* Fix postgresql escaping function.  See CVE-2006-2314.
  Closes:  #369349

Cheers,
Stefan

Secure testing team - May 2006 - postgresql CVE-2006-2314: track all packages that need to be changed?

[Secure-testing-team] postgresql CVE-2006-2314: track all packages that need to be changed?