"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1911-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
October 14, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pygresql
Vulnerability : missing escape function
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-2940
It was discovered that pygresql, a PostgreSQL module for Python, was
missing a function to call PQescapeStringConn(). This is needed, because
PQescapeStringConn() honours the charset of the connection and prevents
insufficient escaping, when certain multibyte character encodings are
used. The new function is called pg_escape_string(), which takes the
database connection as a first argument. The old function
escape_string() has been preserved as well for backwards compatibility.
Developers using these bindings are encouraged to adjust their code to
use the new function.
For the stable distribution (lenny), this problem has been fixed in
version 1:3.8.1-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 1:3.8.1-1etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1:4.0-1.
We recommend that you upgrade your pygresql packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-1etch2.dsc
Size/MD5 checksum: 694 086a34b31967d51ff8ca7a8804d39a91
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-1etch2.diff.gz
Size/MD5 checksum: 4253 f32240024a278f6650b4342a0ebcbb71
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_alpha.deb
Size/MD5 checksum: 93958 dbf107badf6bf7c7b0b2820141e42ef2
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_amd64.deb
Size/MD5 checksum: 92400 ea6b668eab27ad64d2e7b02e4affc727
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_arm.deb
Size/MD5 checksum: 90130 7b15f232b3dc6facd956eb7fca1bd4e5
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_i386.deb
Size/MD5 checksum: 90362 eaec4a360b3af5e4c334126cf870f4fc
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_ia64.deb
Size/MD5 checksum: 98092 488b3090825b958784a5ee748899f337
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_mips.deb
Size/MD5 checksum: 88844 92b80b8485000c7170959b1b10aa93a4
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_mipsel.deb
Size/MD5 checksum: 88586 8b64c4326529429d0bd1fbff149eb471
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_powerpc.deb
Size/MD5 checksum: 91086 653410357846b7870f33d93fc87e7348
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_s390.deb
Size/MD5 checksum: 91506 e3ad96489ac5acaf13d850a01027b8c8
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_sparc.deb
Size/MD5 checksum: 89030 a82665887545c1ef1d30f3aa55be7804
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-3+lenny1.diff.gz
Size/MD5 checksum: 4466 a1c2ce06c800d605bfe14bcfe2dd0827
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1.orig.tar.gz
Size/MD5 checksum: 81186 5575979dac93c9c5795d7693a8f91c86
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-3+lenny1.dsc
Size/MD5 checksum: 1124 269418b4532c90f057bd22e5858a2997
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 114256 5704221569e20111cf6672ece0d11682
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 156386 fa17c555e61b71463de456db3c51ae84
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 159238 128f1c3033bde64f9a11f5e913d9d973
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 115328 fe068a81f497f69a6ad19d495e652e2b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 109312 25c5b281ea33146beb5a59666aba47ac
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 144480 ca940db2975633c04b5c2fe87274e8ea
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 149678 957232bd77ffab3671bf785476ea87da
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 111126 705dea69876757df26bc42e74dd17226
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 117048 c47c89646f2bc572d5fee685876e639f
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 155300 c864943c790f0a79b2da3034d51a94fa
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 108626 d27c445d00283fe59fb6a54cfaaa4156
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 142506 b1d7283270efa735daf705a7825981e7
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 160656 45f6874fdc6f520dbe1932a9acbbdc1e
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 125206 261caf7cc1e302d67b1d4c8f44fdca5e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 149858 3ab427dbe8851bdc5710d5be170e87b4
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 106876 519d15036e48482c9bf6ba13a45df864
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 107182 e89c124b98cf43149ef29bf0c7376e37
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 147822 36818301f82c6b208a12dfffcb12abaa
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 158920 24d9e6552bc85adbeec92f88cfb7c5cf
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 114592 67797adf90fa321b296f7c6755622802
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 156980 636e256ccfc7f06b6b41cd74492a9593
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 113766 0cca0ff55e531f246f10009322b62bb2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 137180 050359d747dd8afce46c3309967af260
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 108528 40ca765a94813cefaf2a4c77597f8155
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrWaMoACgkQ62zWxYk/rQf/zwCghxp/ePtKAvbJzVkOzA61Fr+S
yX0AoLx/HrVSipHkUaHfmybLYtbToOna
=B2p/
-----END PGP SIGNATURE-----
"
Moby to release ltd edition deluxe version of Wait For MeDSA 1902-1: New elinks packages fix arbitrary code execution
This entry was posted
on 9:14 AM
.
Archives
-
▼
2009
(488)
-
▼
October
(44)
- DSA 1915-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:1529-01 Moderate: samba security update
- USN-850-2: poppler regression
- GLSA 200910-03 Adobe Reader: Multiple vulnerabili...
- DSA 1919-1: New smarty packages fix several vulner...
- DSA 1917-1: New mimetex packages fix several vulne...
- DSA 1912-2: New advi packages fix arbitrary code e...
- GLSA 200910-02 Pidgin: Multiple vulnerabilities
- USN-850-1: poppler vulnerabilities
- RHSA-2009:1522-01 Moderate: kernel security and bu...
- RHSA-2009:1512-01 Important: kdegraphics security ...
- DSA 1912-1: New camlimages fix arbitrary code exec...
- DSA 1913-1: New bugzilla packages fix SQL injection
- DSA 1911-1: New pygresql packages provide secure e...
- RHSA-2009:1499-01 Critical: acroread security update
- RHSA-2009:1501-01 Important: xpdf security update
- USN-848-1: Zope vulnerabilities
- RHSA-2009:1503-01 Important: gpdf security update
- RHSA-2009:1505-01 Moderate: java-1.4.2-ibm securit...
- RHSA-2009:1504-01 Important: poppler security and ...
- DSA 1910-1: New mysql-ocaml packages provide secur...
- USN-849-1: libsndfile vulnerabilities
- RHSA-2009:1502-01 Important: kdegraphics security ...
- RHSA-2009:1513-01 Moderate: cups security update
- USN-847-1: Devscripts vulnerability
- DSA 1895-2: New opensaml2 and shibboleth-sp2 packa...
- DSA 1906-1: End-of-life announcement for clamav in...
- USN-846-1: ICU vulnerability
- USN-845-1: Pan vulnerability
- RHSA-2009:1484-01 Moderate: postgresql security up...
- USN-843-1: BackupPC vulnerability
- USN-842-1: Wget vulnerability
- USN-841-1: GLib vulnerability
- DSA 1902-1: New elinks packages fix arbitrary code...
- DSA 1899-1: New strongswan packages fix denial of ...
- DSA 1901-1: New mediawiki1.7 packages fix several ...
- RHSA-2009:1471-01 Important: elinks security update
- USN-839-1: Samba vulnerabilities
- DSA 1898-1: New openswan packages fix denial of se...
- RHSA-2009:1470-01 Moderate: openssh security update
- USN-838-1: Dovecot vulnerabilities
- RHSA-2009:1472-01 Moderate: xen security and bug f...
- RHSA-2009:1469-01 Important: kernel security update
- RHSA-2009:1455-01 Moderate: kernel security and bu...
-
▼
October
(44)