The current version in sarge (w/ security updates) is 4.5.3-4 and from looking at upstream's CVS tree, it appears to me as if the bug leading to the security vulnerability was introduced _after_ 4.5.3.
Can you confirm that this bug exists in 4.5.3-4? Moreover, merging the PostgreSQL-related issues with this security bug does _not_ seem to be a good idea to me. Cheers, -Hilko, reading up on BTS documentation -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
