[Secure-testing-team] Bug#521823: SQL injection

Steffen Joeris steffen.joeris at skolelinux.de
Mon Mar 30 09:35:15 UTC 2009


Package: auth2db
Version: 0.2.5-2+dfsg-1
Severity: grave
Tags: security

Hi

auth2db uses addslashes, which doesn't protect against SQL injections,
when used with multibyte character encodings.
As discussed via private mails, the NMU patch is attached.

Cheers
Steffen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nmu.patch
Type: text/x-diff
Size: 1509 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090330/3f4c9892/attachment.patch 


More information about the Secure-testing-team mailing list