Debian: DSA-1909-1: New postgresql-ocaml packages provide secure escaping

    Date15 Oct 2009
    CategoryDebian
    45
    Posted ByLinuxSecurity Advisories
    It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's libpq, was missing a function to call PQescapeStringConn(). This is needed, because PQescapeStringConn() honours the charset of the
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1909-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    October 14, 2009                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : postgresql-ocaml
    Vulnerability  : missing escape function
    Problem type   : remote
    Debian-specific: no
    CVE Id         : CVE-2009-2943
    
    
    It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's
    libpq, was missing a function to call PQescapeStringConn(). This is
    needed, because PQescapeStringConn() honours the charset of the
    connection and prevents insufficient escaping, when certain multibyte
    character encodings are used. The added function is called
    escape_string_conn() and takes the established database connection as a
    first argument. The old escape_string() was kept for backwards
    compatibility.
    
    Developers using these bindings are encouraged to adjust their code to
    use the new function.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1.7.0-3+lenny1.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 1.5.4-2+etch1.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1.12.1-1.
    
    
    We recommend that you upgrade your postgresql-ocaml packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.5.4.orig.tar.gz
        Size/MD5 checksum:    37091 0f2440dee5ba424e5f2e80b9e1985aac
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.5.4-2+etch1.dsc
        Size/MD5 checksum:      796 fcde6e827e7965128479af66b5f36640
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.5.4-2+etch1.diff.gz
        Size/MD5 checksum:     5422 9955c633c0ba5c6082adab763b02dd81
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_alpha.deb
        Size/MD5 checksum:    65992 15af26342b66bfc2da16758ceec7d973
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_alpha.deb
        Size/MD5 checksum:    12184 c94c1fbb5c2b30baf76b54335899fdb2
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_amd64.deb
        Size/MD5 checksum:    11652 a7e8bebb72e6f8192a5cad99fd133bcc
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_amd64.deb
        Size/MD5 checksum:    56826 ef65e7f49d2367fc488a22e3b3b06850
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_arm.deb
        Size/MD5 checksum:    57254 3c612cb5e6a9fce235884a3ecaf2cda6
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_arm.deb
        Size/MD5 checksum:     9632 361b04c9010ab69b99ca03aa9eb8ee19
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_hppa.deb
        Size/MD5 checksum:    11536 e347d8c6e10c2f58727ef0f99fbec29e
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_hppa.deb
        Size/MD5 checksum:    37706 c515f78761b5bc8e1a193b6282c8c685
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_i386.deb
        Size/MD5 checksum:    55088 5236535c706517466fd0c5005f27f5df
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_i386.deb
        Size/MD5 checksum:    10708 5cc8f746984d0a5dc6fe6515f798352f
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_ia64.deb
        Size/MD5 checksum:    70342 1963272ac4eb736025c74bec49d21252
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_ia64.deb
        Size/MD5 checksum:    13408 ceceb8785ca67033b906a5bbdcfb3816
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_mips.deb
        Size/MD5 checksum:    10550 ed2eba369cd295521a8b706c3402ed53
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_mips.deb
        Size/MD5 checksum:    36922 cd5d3fd3ef7ed3f5b7f28fcbdcb38f54
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_mipsel.deb
        Size/MD5 checksum:    10502 2692a552a66911e5e49805a9a37d7760
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_mipsel.deb
        Size/MD5 checksum:    36858 6e9ca0073b222a0a0b3049e6c85d919c
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_powerpc.deb
        Size/MD5 checksum:    11746 b19f3ce9de91c58d784d758a8b7aba4d
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_powerpc.deb
        Size/MD5 checksum:    60820 e04f4fa7c6ffa370c76c5f6a5df3f618
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_s390.deb
        Size/MD5 checksum:    12156 8a98242d666d976a5cfabd7a7044d136
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_s390.deb
        Size/MD5 checksum:    37152 2497bdd2fb753146491197b588f21269
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_sparc.deb
        Size/MD5 checksum:     9840 dafe39256eb4570aa367089762dbdf36
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_sparc.deb
        Size/MD5 checksum:    60104 9adc5f0645a24a4b92325595ba8c0552
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.7.0-3+lenny1.dsc
        Size/MD5 checksum:     1464 af736cb504a122eb488b42324033073f
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.7.0-3+lenny1.diff.gz
        Size/MD5 checksum:     5748 8a086c9db7ca5be802b03caedd1d9914
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.7.0.orig.tar.gz
        Size/MD5 checksum:    38398 679322c7c7890805a37f7765c4b8f695
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_alpha.deb
        Size/MD5 checksum:    57672 2f787af347ad3cfb4d38dd11991a79c2
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_alpha.deb
        Size/MD5 checksum:    14448 75907d30cb91a964713e816f8f0dc7ed
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_amd64.deb
        Size/MD5 checksum:    13840 18b8f028d932263f2ea664d9073d2e93
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_amd64.deb
        Size/MD5 checksum:    74842 862fc3a2c78a37f5d5319fa26ff395c3
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_arm.deb
        Size/MD5 checksum:    53154 e0fd01bb50373e6516a700e4a93207c9
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_arm.deb
        Size/MD5 checksum:    11256 8ae4ba77e2ca6ff37428eafcfd2127f3
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_armel.deb
        Size/MD5 checksum:    11306 aded1f1a2ecb1b570b5466824ecf506d
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_armel.deb
        Size/MD5 checksum:    53826 ee8e2e91e7f07c68932c877be7d5882e
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_hppa.deb
        Size/MD5 checksum:    55740 602e9d0d203bda43537df8ea7a8cce8f
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_hppa.deb
        Size/MD5 checksum:    13336 c4e0cf3675baf4a472606ab2149c8c3d
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_i386.deb
        Size/MD5 checksum:    71974 e22ca1163b616029eb3203ab9a83f57f
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_i386.deb
        Size/MD5 checksum:    12358 879cfbff241a2b658f2cafc70fbc26e9
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_ia64.deb
        Size/MD5 checksum:    15826 5d918a9811f7a5494a6fb42b7471032f
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_ia64.deb
        Size/MD5 checksum:    56718 aac510279b15caba5d3a2898b6e5ad22
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_mips.deb
        Size/MD5 checksum:    11956 58b8c5c0fe6f5d8308ef455d9c3629b1
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_mips.deb
        Size/MD5 checksum:    54194 cf205c120e7d340caea0c6ab40e6fdad
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_mipsel.deb
        Size/MD5 checksum:    54668 9774393d80fda8f3afa41e5350767a5a
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_mipsel.deb
        Size/MD5 checksum:    11918 75bc39f75ae92d90c12be56e33af1dcf
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_powerpc.deb
        Size/MD5 checksum:    14972 2addc8ca023ebd60ab39c4454daa1730
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_powerpc.deb
        Size/MD5 checksum:    79472 bb0ea2d94f065409f66f3436897477c0
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_s390.deb
        Size/MD5 checksum:    14298 fb4aec5493a4b06bf17befbdab8a9a3d
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_s390.deb
        Size/MD5 checksum:    55212 c11d2dceae4c5d09c92c793b6d810e91
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_sparc.deb
        Size/MD5 checksum:    11480 3b8f3c866dc73cddd0905768a7f137a5
      http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_sparc.deb
        Size/MD5 checksum:    77672 a9b0fa3cd51538dfeaaa2e5da8ac92b7
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":54.17,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":16.67,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":29.17,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.