Hi, I am the maintainer of Debian's packages for exim4, a powerful and versatile Mail Transfer Agent developed in Cambridge and in wide use throughout the Free Software Community (http://www.exim.org/). One of our daemon flavours has PostgreSQL support. Our security guys have found a flaw in exim regarding quote escaping for PostgreSQL. The bug is filed in Debian's BTS as http://bugs.debian.org/369351 and was transferred to exim's Bugzilla installation as http://www.exim.org/bugzilla/show_bug.cgi?id=107. Personally, I do not have any PostgreSQL experience (and do not have time and expertise to accumulate any), and the PostgreSQL support code in exim was contributed some time ago and Philip Hazel, exim's author, doesn't know too much about PostgreSQL as well.
