psycopg needs quoting fix
Bug #46473 reported by Stuart Bishop
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
psycopg (Ubuntu) | Fix Released | Critical | Martin Pitt | |
Bug Description
psycopg quotes the ' character in strings as \', meaning it is vulnerable to the recent multibyte encoding SQL injection attack that prompted the release of PostgreSQL 8.1.4 and other security fixes.
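The quoting problem the report describes, as an added illustration (not part of the original bug report, and not psycopg's or PostgreSQL's code): byte-wise `\'` escaping next to encoding-aware `''` doubling, checked against a small multibyte-aware lexer. It assumes a GBK client encoding, modeled with a simplified lead/trail-byte rule; all function names and the sample input are constructed for the example.

```python
# Simplified GBK model (assumption): lead byte 0x81-0xFE, trail byte
# 0x40-0x7E or 0x80-0xFE. 0x5C (backslash) is a valid trail byte, 0x27 (') is not.

def chars(data: bytes):
    # Split a byte string into characters under the model above.
    i = 0
    while i < len(data):
        lead = data[i]
        trail = data[i + 1] if i + 1 < len(data) else 0
        if 0x81 <= lead <= 0xFE and (0x40 <= trail <= 0x7E or 0x80 <= trail <= 0xFE):
            yield data[i:i + 2]          # one two-byte character
            i += 2
        else:
            yield data[i:i + 1]          # ASCII byte, or a stray lead byte
            i += 1

def quote_backslash(raw: bytes) -> bytes:
    # Byte-wise escaping, unaware of the encoding: the quote becomes backslash-quote.
    return b"'" + raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'") + b"'"

def quote_doubled(raw: bytes) -> bytes:
    # Encoding-aware quoting: walk whole characters, double the quote, and
    # escape a backslash only when it is a character of its own.
    out = bytearray(b"'")
    for ch in chars(raw):
        out += {b"'": b"''", b"\\": b"\\\\"}.get(ch, ch)
    return bytes(out + b"'")

def after_literal(sql: bytes) -> bytes:
    # Bytes the multibyte-aware lexer sees after the first string literal closes.
    toks = list(chars(sql))
    if not toks or toks[0] != b"'":
        raise ValueError("expected a string literal")
    i = 1
    while i < len(toks):
        if toks[i] == b"\\":             # backslash escape: skip the next character
            i += 2
        elif toks[i] == b"'" and toks[i + 1:i + 2] == [b"'"]:
            i += 2                       # doubled quote stays inside the literal
        elif toks[i] == b"'":
            return b"".join(toks[i + 1:])
        else:
            i += 1
    raise ValueError("unterminated literal")

# Constructed input: a GBK lead byte directly followed by a quote.
SAMPLE = b"\xbf' TAIL"

if __name__ == "__main__":
    for quote in (quote_backslash, quote_doubled):
        print(quote.__name__, "-> outside the literal:", after_literal(quote(SAMPLE)))
```

With backslash escaping, the lead byte absorbs the inserted backslash as its trail byte, so the quote closes the literal early and the rest of the input lands outside it; with doubling, nothing is left outside the literal.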
Changed in psycopg:
assignee: nobody → pitti
Changed in psycopg:
status: Unconfirmed → Confirmed
http://www.postgresql.org/docs/techdocs.52