Thread: [Fwd: [SECURITY] [DSA 516-1] New odbc-postgresql packages fix denial of service]

Hi all,

Can anyone comment on where this fix is coming from? Was it found and
fixed by the Debian maintainer? Is the fix integrated into the ODBC
available from gborg? What other platforms are affected by it?

             Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting
http://www.lingnu.com/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 516-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
June 7th, 2004                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : postgresql
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
Debian Bug     : 247306

A buffer overflow has been discovered in the ODBC driver of PostgreSQL,
an object-relational SQL database, descended from POSTGRES.  It possible
to exploit this problem and crash the surrounding application.  Hence, a
PHP script using php4-odbc can be utilised to crash the surrounding
Apache webserver.  Other parts of postgresql are not affected.

For the stable distribution (woody) this problem has been fixed in
version 7.2.1-2woody5.

For the unstable distribution (sid) this problem has been fixed in
version 07.03.0200-3.

We recommend that you upgrade your postgresql and related package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5.dsc
      Size/MD5 checksum:      966 5368a43179ff119d6f3672f682b04509
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5.diff.gz
      Size/MD5 checksum:   119120 7d29337cef51b081628d3cd04faa7cb7
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
      Size/MD5 checksum:  9237680 d075e9c49135899645dff57bc58d6233

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody5_all.deb
      Size/MD5 checksum:  2069080 d9ddbbc2c098d0c78a738954a52e523b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:    34192 b2369d209179d36e571e766de1c4debf
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:    68246 1f3ed9f2ae78a6e2f78c9172468cbb00
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:    77486 45b4c9858e434f7498e06861c31244ee
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:    67192 86069f65ea21ac186b095e5b39ee617c
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:   290676 0302910a2a30ccf1b025d599afc67d73
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:   424930 450f68f0e2431ab84407d13d4135a654
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:  1816756 0f3a5117737c7b524fc1225625e9edf8
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:   319386 93d92c5baddf51443a442742e81fe80e
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:   387022 afe210d301c0dc068cd139471dad0065
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:   539998 227f24b4270a896b22eabda5e6d7cc36
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_alpha.deb
      Size/MD5 checksum:    64816 7d98b12889dc8321c66fa0ee5124ee69

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:    31348 4330dc495f966421871537aa10d4e07c
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:    64346 8a64191cd13adb62611bb9857b4f53da
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:    65206 b2024d757f86f18a0e185e3867d1fff9
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:    57410 b50b60d6afb66faa215f2fa2ef62392f
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:   233770 0e5b396f4c2a69c505b2e590aaf428fc
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:   425100 04af51b56fa997228f31051a2603db1d
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:  1599718 4db2ed86401a501cb580540318bbf118
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:   285080 7d048275487b2a24449d68c5b42aaff8
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:   340576 60aa01340e65d6bb4ff6011a830ec523
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:   510608 9fefe99929d22bebd27d3e92136a3e53
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_arm.deb
      Size/MD5 checksum:    62132 1808a3bab6f020f07058c3fc8b6bfcb1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:    30404 248ae4c61f0324a48e5920474ed3aab1
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:    61100 dbcd9960dc7f123ef7490cb699fa3cab
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:    65720 2abea5f9d2e57e56ec91005a95fc5ec4
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:    54286 433390125e665a2df05b1982aaff3c7f
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:   201594 969d21dec60b328d287e870b173f2987
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:   426000 b07264cca3f22fd5da6bb65a9d65004c
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:  1553782 8aa11e24f7500fecaf3d78c10cdd8c32
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:   280964 b044073939a17327d1439bf8a67751b7
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:   327910 839d3a4c73f59ba0253dd6c26a576923
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:   497702 32bf7129d31765938340cc734fc4ac8d
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_i386.deb
      Size/MD5 checksum:    61228 0a473f8d08f517aaf24cd7a7707cd9a1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:    39104 2e2b49ceab6f75c4eafe1803ea1f2d41
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:    76822 3077ee626e5557c99a25664ad9138be5
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:    90292 c990bcfba32cba098cc789543d17861a
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:    76758 b6c0b4e857fd76d167b5d17f6b83166e
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:   332852 add9f1038e2d5bb8981651a0058f453d
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:   424908 ae897f7d9d7ba643e33ce626dc791a01
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:  2092092 8dc3c51bf3106bd2bc97b6c094161740
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:   363118 c724d865d91d8eea9de654b031a0c8de
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:   434310 a4bea3a76278ae871a454fa25689d81f
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:   554748 a0fbdf37d7b1012838a48de6afb22b48
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_ia64.deb
      Size/MD5 checksum:    70668 21f8914238251c13af225121cecd97d2

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:    33580 2f0bd2c4b52e5af66422ce5efdeeb530
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:    70262 a9bd3a46360200a6554f95dbaa7ff94c
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:    76664 f84f7f4e08d1ed05a1af78d47682d802
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:    65402 ac8daf782c12df66f42e68a0d753ddf7
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:   254342 1410ba2d32628cfbaf3d87c3be389e1d
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:   425062 b81a0c52857b657f75613163d56a0502
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:  1826206 a65d21521c62acbd68aac0d4c6f7fbba
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:   304346 22627ab09d6bc312971e1642da7552e5
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:   371684 a21fac74c5f94b8d287677c7f29ebfb0
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:   523818 937cbc718d73fbeb411d65ac61dfb124
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_hppa.deb
      Size/MD5 checksum:    65812 e4eaa35bf81244d341ab822f954e9d39

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:    30256 da48d662aa603a9fffeb1c36ab3b7c99
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:    62712 e9cbbc8c5cf456f323c5a9260c8e4f55
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:    65332 c35d2ead6b95f78eb0e673d024ab7e4f
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:    54466 24c3dd0e488ff1d6fe70543be4199935
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:   187146 b390b1e9d80cfb06bc90a3bcd9c8e236
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:   425308 26fac921fb9eb5f7c5a52efa55bce6a6
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:  1583270 df4df8f522732d6c43f1df0accba8112
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:   269616 201a4493f8af1585a989e8ed82a51cc0
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:   324886 6e51a169b7d0ec74fdeff2c5886dba3b
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:   489934 cec341af75ef2d1174fcacb8431162fe
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_m68k.deb
      Size/MD5 checksum:    61980 21450725c887e01dba071bf77ff5aa4e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:    30704 759c796a562de2a1e8fc07e2cf3ab7a3
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:    58678 f1837f55b5f0e3c4690d361b3cc6feaf
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:    64962 7d9369a781be6da40c64443dad4ddf5d
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:    58808 7ddf87b5711ae7d5f5df2bd9d22a72f4
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:   237014 7628c60ea1540d4cc49ba1352fefe032
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:   425154 7aedb457149df2687557604f687ef3bb
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:  1750210 87a24511e8b6a800e94098c267646baf
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:   293826 68f239dd9e644050a538be7747003af0
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:   343488 259bbf09e18c121ac36d7b7f6ef01b11
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:   515110 309ffc15e3a8d4453b7a663b52b22a34
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_mips.deb
      Size/MD5 checksum:    61258 72e323d3c8486b05cc920c837dfce965

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:    30712 07fdf57e04f07c4be76c35c7eaa4318d
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:    58414 b9ccbf0ae3a14e18aaf58d52238c1428
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:    64562 9252ed661fa295ae4ace327c89c8860f
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:    58746 7d22971774224ccc80d2a90090730c71
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:   237420 dbf5b222cc119f5b1395f295705e24d4
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:   425054 825a11f0a8bcc5dd829d3ac9fb777f17
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:  1661924 887104f5498e665a77bce68ecd7b81b2
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:   294144 e9de313201d193fbc84a2a145c17b310
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:   343198 50bfbe9f2d9fa899376584fd9dbc58c9
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:   512400 42967a1b4e9838a2e98b145c44d4f9da
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_mipsel.deb
      Size/MD5 checksum:    61198 8bda41a7df1117e3d871eaaadb9aaee4

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:    32076 f53e4cf4d47c3d7a8c3f8bb383222ae9
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:    69222 8b3b4f71252d43554d444a5a39618a7f
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:    67172 7246ce0c589597f5d4fc57b1e9297bb4
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:    56684 2c39270493a80d024109a594ebe849fa
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:   242572 9490b8269b40c555d76b9445752cc959
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:   424950 2a43fe0f1d932f084f761028fde72ba2
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:  1700774 af8f179e744defbcb2de0fe820e7b8c3
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:   288166 0c5e7ed8e40b0b4d1bbd8b6f18f1027a
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:   341534 91883697118d6cc4035dc3cf5aa1db5d
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:   510736 3cfb7c7072aaa6795ad806493d08d95d
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_powerpc.deb
      Size/MD5 checksum:    62072 82466754f9e268f557d3032de3966639

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:    30996 6f0af43311b27669c6619a22aa7bc315
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:    63556 646076aec41162cf302628bdebdd5438
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:    67832 d5e1fa058beef9ce7d1ae263ea8352b7
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:    55966 8f3ef06a43e799f64b956c7f213f85c3
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:   214586 5be949e0a602da5b9bacdcb38e8bb11d
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:   424912 73c6ab2d0370393155bdbcced10ac410
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:  1668794 1df52e99999735073594818a9de79d7e
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:   283922 dc742847f189ea2e7c98df80166bdc74
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:   346534 4cda6a813c032484d2e2475958c25557
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:   501780 09cfb180ef32d9d9d74ed6d9d2d6e2bc
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_s390.deb
      Size/MD5 checksum:    62584 3f100448c8878c19bb25c7535eadb927

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:    30666 5dbd7896cbab66c6baa924b7a8d19db4
    http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:    64384 4138202014e9adb5a3437d43af8c4489
    http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:    67914 bdae3180c820e7d086d67352a58525aa
    http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:    54776 d3fe7fb157e567c06d92077969d247c4
    http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:   232342 01bbde0036b1a633f3e0e7eb6efbf507
    http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:   424956 24a3c01b545b17d10ebc36eb08729784
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:  1671358 a2aa1d755dca60aa056bbe18bd9049d8
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:   288574 e1152b9f142201d901bd847ff6f316c1
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:   370862 a529b352731287162f738fbca8f46fbb
    http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:   501866 5e1788307a029b0f1629d971810c83e4
    http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_sparc.deb
      Size/MD5 checksum:    62130 cb92d1b4bdf8f9eef11a01ab85182253


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAw/COW5ql+IAeqTIRAodyAJ9AXByZxO2B7X17bJH7ybdUPjrU3ACeONId
zPdhrwu8gF9mE/zUIas7Puw=
=o8VU
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


Shachar Shemesh wrote:
> Can anyone comment on where this fix is coming from? Was it found and
> fixed by the Debian maintainer? Is the fix integrated into the ODBC
> available from gborg? What other platforms are affected by it?

The fix was made by the Debian maintainer after discussion on the
pgsql-bugs list.  It is not integrated in the upstream sources yet,
partially because it is not a proper fix, more a stop gap.  I think the
ODBC driver is full of more buffer overflows and needs a serious audit.


Hi,

On Mon, 07 Jun 2004 08:15:10 +0300
Shachar Shemesh <psql@shemesh.biz> wrote:

> Can anyone comment on where this fix is coming from? Was it found and
> fixed by the Debian maintainer? Is the fix integrated into the ODBC
> available from gborg? What other platforms are affected by it?

I think it's not affected on Windows because it truncates UserName
property to 32 bytes automatically.

--
TANIDA Yutaka <tanida@sra.co.jp>