Magnus,
> The wording I have for the bugtraq post (out in a couple of minutes) is:
> * If application always sends untrusted strings as out-of-line
> parameters,
> instead of embedding them into SQL commands, it is not vulnerable.
> This is
> only available in PostgreSQL 7.4 or later.
Fixed. I love CMSes, even when they're buggy. ;-)
--
Josh Berkus
PostgreSQL @ Sun
San Francisco