"and for a change this small is it still recommended to build a patch and upload it?"
Well, if you don't, someone else has to, right???
I should change the driver to escape them in the case where we're doing bind-variable emulation (":tcl_var"). We should really treat strings inserted into the database as being SQL92 standard input.
Mind sharing details as to the security breach you've found?
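The escaping discussed above for bind-variable emulation, as an added sketch that is not part of the original thread and not the driver's own code. The function names (`sql92_literal`, `emulate_binds`) and the sample queries are hypothetical, and it assumes the server parses string literals per SQL92, where a quote is escaped by doubling it and backslash is an ordinary character.

```python
import re

# In priority order: a quoted SQL literal (with '' escapes), a "::" cast,
# or a ":name" bind variable. Only the bind variable is substituted, so
# text already inside a literal is never treated as a placeholder.
_TOKEN = re.compile(r"'(?:[^']|'')*'|::|:([A-Za-z_][A-Za-z0-9_]*)")


def sql92_literal(value):
    """Render a value as a SQL92 string literal (None becomes NULL)."""
    if value is None:
        return "NULL"
    text = str(value)
    if "\x00" in text:
        raise ValueError("NUL byte cannot appear in a SQL string literal")
    # SQL92: the only character needing escape inside '...' is the quote.
    return "'" + text.replace("'", "''") + "'"


def emulate_binds(sql, variables):
    """Replace each :name in sql with the escaped literal for variables[name].

    re.sub makes a single pass, so a substituted value that itself contains
    ":other" is not scanned again for further placeholders.
    """
    def substitute(match):
        name = match.group(1)
        if name is None:          # matched a literal or a cast: keep as is
            return match.group(0)
        if name not in variables:
            raise KeyError("no value supplied for bind variable :" + name)
        return sql92_literal(variables[name])

    return _TOKEN.sub(substitute, sql)


if __name__ == "__main__":
    # Constructed sample input.
    query = "select * from users where last_name = :last_name"
    print(emulate_binds(query, {"last_name": "O'Brien"}))
```

Where the database client supports real bind parameters, passing values that way avoids building the literal at all; the emulation path is the one that depends on this escaping being right.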