It's unfortunate that the wording of the email subject (and the current HN submission title) can make it sound like the problem is with PostgreSQL, when it's really a problem with Active Record's adapter for PostgreSQL.<p>PostgreSQL itself isn't responsible or affected, contrary to what the "Vulnerabilities Affecting PostgreSQL" phrasing suggests at a glance.
Looks like the Rails 3.2 update drags along a few other unrelated changes, although they appear to be fairly minor:
<a href="https://github.com/rails/rails/compare/v3.2.18...v3.2.19" rel="nofollow">https://github.com/rails/rails/compare/v3.2.18...v3.2.19</a><p>as compared to:
<a href="https://github.com/rails/rails/compare/v4.1.2...v4.1.3" rel="nofollow">https://github.com/rails/rails/compare/v4.1.2...v4.1.3</a> and <a href="https://github.com/rails/rails/compare/v4.0.6...v4.0.7" rel="nofollow">https://github.com/rails/rails/compare/v4.0.6...v4.0.7</a>
You should be able to see if you are vulnerable by running this query:<p><pre><code> select
cn.nspname as schema,
relname as table,
attname as column,
tn.nspname as type_schema,
typname as type_name
from pg_attribute a
inner join pg_class c on a.attrelid = c.oid
inner join pg_namespace cn on c.relnamespace = cn.oid
inner join pg_type t on a.atttypid = t.oid
inner join pg_namespace tn on t.typnamespace = tn.oid
where (t.typtype = 'r' or t.typname = 'bit' or t.typname = 'varbit');</code></pre>