[Libpqxx-general] possible use of vulnerable functions in libpqxx
Jeroen Vermeulen
jtv at xs4all.nl
Thu Oct 22 17:47:03 UTC 2009
Eugene V. Lyubimkin wrote:
> Hi Jeroen,
>
> The Debian security team prepared a list of packages [1] that use mysql/postgresql
> unsafe functions, and libpqxx3 is in this list as a possible candidate. Please read.
>
> [1]
> http://www.linux-archive.org/debian-development/383865-packages-use-deprecated-sql-escape-functions.html

No news there. When built against a libpq that does not have
PQescapeStringConn, then libpqxx will still use PQescapeString. I don't
think there's much reason for people to build libpqxx 3.0 against a
libpq that doesn't have it.

So basically, this is one of those false positives that the page mentions.

Jeroen