2004-06-10: cvs and postgresql fixes

cvs (1.11.1p1debian-9woody6) stable-security; urgency=high
* Non-maintainer upload by the Security Team
* Applied upstream patch by Derek Robert Price to
fix another vulnerability based on a malformed Entry.
[debian/patches/66_CAN-2004-0414]
* Only bumped the version number so the package gets rebuilt after
diskspace issues on klecker
-- Martin Schulze Fri, 28 May 2004 06:51:26 +0200

cvs (1.11.1p1debian-9woody5) stable-security; urgency=high
* Non-maintainer upload by the Security Team
* Applied upstream patch by Derek Robert Price to
fix another vulnerability based on a malformed Entry.
[debian/patches/66_CAN-2004-0414]
-- Martin Schulze Fri, 21 May 2004 16:05:01 +0200

postgresql (7.2.1-2woody5) stable-security; urgency=low
* Fixed buffer overflow in ODBC driver (src/interfaces/odbc/):
added parameter for target buffer size to make_string() to prevent
buffer overflows and corrected all calls to it. This fixes #247306 for
woody (bug was already closed with the upload to sid).
With previous versions it was possible to crash (and possibly exploit)
e.g. apache if a PHP script connected to an ODBC database with very long
credential strings (DSN, username, password, etc.).
Other parts of postgresql are not affected.
-- Martin Pitt Thu, 13 May 2004 11:00:07 +0200
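
The pattern behind the postgresql fix, as an added example that is not the driver's own code: a string-copy helper that gains a target buffer size parameter, shown beside the unbounded form it replaces. The names copy_unbounded, copy_bounded and EX_NTS, the truncation flag and the sample DSN are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sentinel: "s is NUL-terminated, compute the length yourself". */
#define EX_NTS (-3)

/* Before: the callee has no idea how large buf is. */
char *copy_unbounded(const char *s, int len, char *buf)
{
    if (s == NULL || (len <= 0 && len != EX_NTS))
        return NULL;
    size_t n = (len == EX_NTS) ? strlen(s) : (size_t)len;
    memcpy(buf, s, n);          /* writes past buf when n >= its real size */
    buf[n] = '\0';
    return buf;
}

/* After: the caller passes bufsize; the copy is cut to fit, always
 * NUL-terminated, and *truncated tells the caller the input was too long. */
char *copy_bounded(const char *s, int len, char *buf, size_t bufsize, int *truncated)
{
    if (truncated) *truncated = 0;
    if (buf == NULL || bufsize == 0)
        return NULL;
    buf[0] = '\0';              /* never leave stale data on the error path */
    if (s == NULL || (len <= 0 && len != EX_NTS))
        return NULL;
    size_t n = (len == EX_NTS) ? strlen(s) : (size_t)len;
    if (n >= bufsize) {
        n = bufsize - 1;        /* keep one byte for the terminator */
        if (truncated) *truncated = 1;
    }
    memcpy(buf, s, n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    char dsn[16];
    int cut;
    /* Constructed sample input, longer than the target buffer. */
    const char *input = "constructed-dsn-name-that-is-far-too-long";
    copy_bounded(input, EX_NTS, dsn, sizeof dsn, &cut);
    printf("stored \"%s\" (truncated=%d)\n", dsn, cut);
    return 0;
}
```

Adding the size parameter only helps if every call site passes the real size of its destination, which is why the changelog entry also mentions correcting all calls.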