Message-ID: <49B6EDCD.9040705@gentoo.org>
Date: Tue, 10 Mar 2009 23:46:37 +0100
From: Pierre-Yves Rofes <py@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: courier-authlib < 0.62.0 SQL Injection

Hi,

From Changelog:

"0.62.0

2008-12-17 Sam Varshavchik <mrsam@...rier-mta.com>

* authpgsqllib.c: Use PQescapeStringConn() instead of removing all
apostrophes from query parameters. This fixes a potential SQL injection
vulnerability if the Postgres database uses a non-Latin locale."

References:
http://www.courier-mta.org/authlib/changelog.html
http://bugs.gentoo.org/show_bug.cgi?id=252576

Thanks,

--
Pierre-Yves Rofes
Gentoo Linux Security Team