-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 13 May 2004 11:00:07 +0200 Source: postgresql Binary: libpgtcl postgresql pgaccess odbc-postgresql libpgperl postgresql-client libecpg3 postgresql-contrib postgresql-dev postgresql-doc python-pygresql libpgsql2 Architecture: source all i386 Version: 7.2.1-2woody5 Distribution: stable-security Urgency: low Maintainer: Oliver Elphick Changed-By: Martin Pitt Description: libecpg3 - Shared library libecpg.so.3 for PostgreSQL libpgperl - Perl modules for PostgreSQL. libpgsql2 - Shared library libpq.so.2 for PostgreSQL libpgtcl - Tcl/Tk library and front-end for PostgreSQL. odbc-postgresql - ODBC support for PostgreSQL pgaccess - Tk/Tcl front-end for PostgreSQL database postgresql - Object-relational SQL database, descended from POSTGRES. postgresql-client - Front-end programs for PostgreSQL postgresql-contrib - Additional facilities for PostgreSQL postgresql-dev - Header files for libpq (postgresql library) postgresql-doc - Documentation for the PostgreSQL database. python-pygresql - PostgreSQL module for Python Changes: postgresql (7.2.1-2woody5) stable-security; urgency=low . * Fixed buffer overflow in ODBC driver (src/interfaces/odbc/): added parameter for target buffer size to make_string() to prevent buffer overflows and corrected all calls to it. This fixes #247306 for woody (bug was already closed with the upload to sid). . With previous versions it was possible to crash (and possibly exploit) e. g. apache if a PHP script connected to a ODBC database with very long credential strings (DSN, username, password, etc.). . Other parts of postgresql are not affected. Files: 5368a43179ff119d6f3672f682b04509 966 misc optional postgresql_7.2.1-2woody5.dsc 7d29337cef51b081628d3cd04faa7cb7 119120 misc optional postgresql_7.2.1-2woody5.diff.gz d9ddbbc2c098d0c78a738954a52e523b 2069080 doc optional postgresql-doc_7.2.1-2woody5_all.deb 8aa11e24f7500fecaf3d78c10cdd8c32 1553782 misc optional postgresql_7.2.1-2woody5_i386.deb b044073939a17327d1439bf8a67751b7 280964 misc optional postgresql-client_7.2.1-2woody5_i386.deb 32bf7129d31765938340cc734fc4ac8d 497702 devel optional postgresql-dev_7.2.1-2woody5_i386.deb 2abea5f9d2e57e56ec91005a95fc5ec4 65720 libs optional libpgsql2_7.2.1-2woody5_i386.deb 248ae4c61f0324a48e5920474ed3aab1 30404 libs optional libecpg3_7.2.1-2woody5_i386.deb 433390125e665a2df05b1982aaff3c7f 54286 libs optional libpgtcl_7.2.1-2woody5_i386.deb dbcd9960dc7f123ef7490cb699fa3cab 61100 libs optional libpgperl_7.2.1-2woody5_i386.deb b07264cca3f22fd5da6bb65a9d65004c 426000 misc optional pgaccess_7.2.1-2woody5_i386.deb 839d3a4c73f59ba0253dd6c26a576923 327910 misc optional postgresql-contrib_7.2.1-2woody5_i386.deb 0a473f8d08f517aaf24cd7a7707cd9a1 61228 misc optional python-pygresql_7.2.1-2woody5_i386.deb 969d21dec60b328d287e870b173f2987 201594 libs optional odbc-postgresql_7.2.1-2woody5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAo0yWDecnbV4Fd/IRAvwzAKCj8C4aBm5UCCWNH/IAAZzf2f7hMACePcVg 455w/dOlpsSJBKOWdNNXyig= =57zr -----END PGP SIGNATURE-----