CVE-2006-2313

Name	CVE-2006-2313
Description	PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DSA-1087-1
Debian Bugs	368645

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
postgresql	source	sarge	7.4.7-6sarge2		DSA-1087-1
postgresql	source	(unstable)	7.5.4	high		368645
postgresql-7.4	source	(unstable)	1:7.4.13-1	high
postgresql-8.1	source	(unstable)	8.1.4-1	high

Notes

Beginning with version 7.5.4, postgresql is a transition
package which does not contain actual code. That's why
it's marked as fixed here. (Previous versions are vulnerable.)