Version in base suite: 3.8.1-1etch1
Version in overlay suite: (not present)

Base version: pygresql_3.8.1-1etch1
Target version: pygresql_3.8.1-1etch2
Base file: /org/ftp.debian.org/ftp/pool/main/p/pygresql/pygresql_3.8.1-1etch1.dsc
Target file: /org/ftp.debian.org/queue/o-p-u-new/pygresql_3.8.1-1etch2.dsc

 pgmodule.c                      |   58 ++++++++++++++++++++++++++++++++++++++++
 pygresql-3.8.1/debian/changelog |    9 ++++++
 2 files changed, 67 insertions(+)

diff -u pygresql-3.8.1/debian/changelog pygresql-3.8.1/debian/changelog
--- pygresql-3.8.1/debian/changelog
+++ pygresql-3.8.1/debian/changelog
@@ -1,3 +1,12 @@
+pygresql (1:3.8.1-1etch2) oldstable-security; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Add functions pg_escape_string and pg_escape_bytea for proper
+    escaping
+    Fixes: CVE-2009-2940
+
+ -- Steffen Joeris <white@debian.org>  Sun, 20 Sep 2009 15:30:33 +0000
+
 pygresql (1:3.8.1-1etch1) proposed-updates; urgency=low
 
   * Non maintainer upload.
only in patch2:
unchanged:
--- pygresql-3.8.1.orig/pgmodule.c
+++ pygresql-3.8.1/pgmodule.c
@@ -2656,6 +2656,59 @@
 }
 #endif
 
+/* escape string */
+static char pg_escape_string__doc__[] =
+"pg_escape_string(str) -- escape a string for use within SQL.";
+
+static PyObject *
+pg_escape_string(pgobject *self, PyObject *args) {
+        char *from; /* our string argument */
+        char *to=NULL; /* the result */
+        int from_length; /* length of string */
+        int to_length; /* length of result */
+        PyObject *ret; /* string object to return */
+
+        if (!PyArg_ParseTuple(args, "s#", &from, &from_length))
+                return NULL;
+        to_length = 2*from_length + 1;
+        if (to_length < from_length) { /* overflow */
+                to_length = from_length;
+                from_length = (from_length - 1)/2;
+        }
+        to = (char *)malloc(to_length);
+        to_length = (int)PQescapeStringConn(self->cnx,
+                to, from, (size_t)from_length, NULL);
+        ret = Py_BuildValue("s#", to, to_length);
+        if (to)
+                free(to);
+        if (!ret) /* pass on exception */
+                return NULL;
+        return ret;
+}
+
+/* escape bytea */
+static char pg_escape_bytea__doc__[] =
+"pg_escape_bytea(data) -- escape binary data for use within SQL as type bytea.";
+
+static PyObject *
+pg_escape_bytea(pgobject *self, PyObject *args) {
+        unsigned char *from; /* our string argument */
+        unsigned char *to; /* the result */
+        int from_length; /* length of string */
+        size_t to_length; /* length of result */
+        PyObject *ret; /* string object to return */
+
+        if (!PyArg_ParseTuple(args, "s#", &from, &from_length))
+                return NULL;
+        to = PQescapeByteaConn(self->cnx, from, (int)from_length, &to_length);
+        ret = Py_BuildValue("s", to);
+        if (to)
+                PQfreemem((void *)to);
+        if (!ret) /* pass on exception */
+                return NULL;
+        return ret;
+}
+
 #ifdef LARGE_OBJECTS
 /* creates large object */
 static char pg_locreate__doc__[] =
@@ -2766,6 +2819,11 @@
 			pg_getnotify__doc__},
 	{"inserttable", (PyCFunction) pg_inserttable, METH_VARARGS,
 			pg_inserttable__doc__},
+       {"escape_string", (PyCFunction) pg_escape_string, METH_VARARGS,
+                        pg_escape_string__doc__},
+        {"escape_bytea", (PyCFunction) pg_escape_bytea, METH_VARARGS,
+                        pg_escape_bytea__doc__},
+
 #ifdef PQfreeNotify	/* must be 7.4 or later */
 	{"transaction", (PyCFunction) pg_transaction, METH_VARARGS,
 			pg_transaction__doc__},