  • [SECURITY] [DSA 1909-1] New postgresql-ocaml packages provide secure es

    From Steffen Joeris@1:229/2 to All on Fri Oct 16 01:18:18 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1909-1                  [email protected]
    http://www.debian.org/security/                           Steffen Joeris
    October 14, 2009                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : postgresql-ocaml
    Vulnerability : missing escape function
    Problem type : remote
    Debian-specific: no
    CVE Id : CVE-2009-2943


    It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's
    libpq, was missing a function to call PQescapeStringConn(). This is
    needed, because PQescapeStringConn() honours the charset of the
    connection and prevents insufficient escaping, when certain multibyte
    character encodings are used. The added function is called
    escape_string_conn() and takes the established database connection as a
    first argument. The old escape_string() was kept for backwards
    compatibility.

    Developers using these bindings are encouraged to adjust their code to
    use the new function.


    For the stable distribution (lenny), this problem has been fixed in
    version 1.7.0-3+lenny1.

    For the oldstable distribution (etch), this problem has been fixed in
    version 1.5.4-2+etch1.

    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1.12.1-1.


    We recommend that you upgrade your postgresql-ocaml packages.


    Upgrade instructions
    - --------------------

    wget url
    will fetch the file for you
    dpkg -i file.deb
    will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
    will update the internal database
    apt-get upgrade
    will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 4.0 alias etch
    - -------------------------------

    Debian (oldstable)
    - ------------------

    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
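
The charset dependence described in the advisory above, as an added example that is not part of the original advisory and is not libpq's or postgresql-ocaml's code: two toy escapers in C, one byte-wise and one that walks Shift_JIS characters, run over a constructed string. The function names, the simplified Shift_JIS byte ranges and the quote-and-backslash doubling rule are assumptions of this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Simplified Shift_JIS byte classes (assumption made for this example). */
static int sjis_lead(unsigned char c) {
    return (c >= 0x81 && c <= 0x9F) || (c >= 0xE0 && c <= 0xFC);
}
static int sjis_trail(unsigned char c) {
    return (c >= 0x40 && c <= 0x7E) || (c >= 0x80 && c <= 0xFC);
}

/* Charset-unaware: doubles every 0x27 (') and 0x5C (\) byte it sees.
 * `out` must hold 2*len bytes. Returns the number of bytes written. */
size_t escape_bytewise(const unsigned char *in, size_t len, unsigned char *out) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (in[i] == '\'' || in[i] == '\\') out[n++] = in[i];
        out[n++] = in[i];
    }
    return n;
}

/* Charset-aware: copies each two-byte character whole, so a 0x5C trail
 * byte is never mistaken for a backslash. Returns bytes written, or -1
 * when the input is not valid in the connection encoding. */
long escape_sjis_aware(const unsigned char *in, size_t len, unsigned char *out) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (sjis_lead(in[i])) {
            if (i + 1 >= len || !sjis_trail(in[i + 1])) return -1;
            out[n++] = in[i++];   /* lead byte */
            out[n++] = in[i];     /* trail byte, copied untouched */
            continue;
        }
        if (in[i] == '\'' || in[i] == '\\') out[n++] = in[i];
        out[n++] = in[i];
    }
    return (long)n;
}

/* Constructed sample: the Shift_JIS character 0x95 0x5C, then "a'". */
static const unsigned char SAMPLE[] = { 0x95, 0x5C, 'a', '\'' };

int main(void) {
    unsigned char a[8], b[8];
    size_t na = escape_bytewise(SAMPLE, sizeof SAMPLE, a);
    long nb = escape_sjis_aware(SAMPLE, sizeof SAMPLE, b);
    /* Byte-wise output gains a stray 0x5C after the character. */
    return !(na == 6 && nb == 5 && memcmp(a, b, 2) == 0 && a[2] == 0x5C);
}
```

The byte-wise result differs from the charset-aware one by a single extra 0x5C that a server reading Shift_JIS would treat as a standalone backslash, which is the kind of mismatch a connection-aware escape function removes.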