The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.Referenceshttp://secunia.com/advisories/37048http://www.debian.org/security/2009/dsa-1909http://www.osvdb.org/59029
