CVE-2009-2940 Information

Description

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Reference

http://secunia.com/advisories/37046 http://secunia.com/advisories/37654 http://ubuntu.com/usn/usn-870-1 http://www.debian.org/security/2009/dsa-1911 http://www.osvdb.org/59028