oval:org.mitre.oval:def:13905

Definition Id: oval:org.mitre.oval:def:13905
 
Oval ID: oval:org.mitre.oval:def:13905
Title: USN-870-1 -- pygresql vulnerability
Description: Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL�s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL�s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a database connection, to maintain backwards compatibility, pg.escape_string and pg.escape_bytea are still available, but applications will have to be adjusted to use the new pyobj.escape_string and pyobj.escape_bytea functions. For example, code containing: import pg connection = pg.connect escaped = pg.escape_string should be adjusted to use: import pg connection = pg.connect escaped = connection.escape_string
Family: unix Class: patch
Reference(s): USN-870-1
CVE-2009-2940
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Product(s): pygresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13250
 
Oval ID: oval:org.mitre.oval:def:13250
Title: Ubuntu 8.04 is installed
Description: Ubuntu 8.04 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:8.04
Version: 3
Platform(s): Ubuntu 8.04
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13905
Definition Id: oval:org.mitre.oval:def:13306
 
Oval ID: oval:org.mitre.oval:def:13306
Title: Ubuntu 8.10 is installed
Description: Ubuntu 8.10 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:8.10
Version: 3
Platform(s): Ubuntu 8.10
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13905