Package: auth2db
Version: 0.2.5-2+dfsg-1
Severity: grave
Tags: security

Hi,
auth2db uses addslashes, which doesn't protect against SQL injections when used with multibyte character encodings. As discussed via private mails, the NMU patch is attached.

Cheers,
Steffen
diff -u auth2db-0.2.5-2+dfsg/debian/changelog auth2db-0.2.5-2+dfsg/debian/changelog --- auth2db-0.2.5-2+dfsg/debian/changelog +++ auth2db-0.2.5-2+dfsg/debian/changelog @@ -1,3 +1,11 @@ +auth2db (0.2.5-2+dfsg-1.1) unstable; urgency=high + + * Non-maintainer upload by the security team + * Fix possible SQL injection vulnerability when used with multibyte + encodings by using mysql_real_escape_string() + + -- Steffen Joeris <wh...@debian.org> Mon, 30 Mar 2009 11:21:06 +0200 + auth2db (0.2.5-2+dfsg-1) unstable; urgency=medium * New debian-specific+upstream release (Closes: #493132): diff -u auth2db-0.2.5-2+dfsg/debian/patches/series auth2db-0.2.5-2+dfsg/debian/patches/series --- auth2db-0.2.5-2+dfsg/debian/patches/series +++ auth2db-0.2.5-2+dfsg/debian/patches/series @@ -6,0 +7 @@ +auth2db-sql-injection.patch only in patch2: unchanged: --- auth2db-0.2.5-2+dfsg.orig/debian/patches/auth2db-sql-injection.patch +++ auth2db-0.2.5-2+dfsg/debian/patches/auth2db-sql-injection.patch @@ -0,0 +1,19 @@ +--- ../old/auth2db-0.2.5-2+dfsg/www/security.php 2008-07-30 22:39:36.000000000 +0000 ++++ auth2db-0.2.5-2+dfsg/www/security.php 2009-03-30 09:18:57.000000000 +0000 +@@ -15,12 +15,10 @@ + # [Agrega escape de caracteres especiales SQL -> \' ] + function sec_addESC($var) { + +- if (!get_magic_quotes_gpc()){ +- $var = addslashes($var); +- } +- ++ $var = mysql_real_escape_string($var); ++ + return $var; + + } + +-?> +\ No newline at end of file ++?>
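Review bot: the changelog entry for 0.2.5-2+dfsg-1.1 does not reference this bug report, while the previous entry shows the package's convention (`* New debian-specific+upstream release (Closes: #493132):`); add a `(Closes: #<this report's bug number>)` to the `* Fix possible SQL injection vulnerability when used with multibyte` line so the BTS marks the report fixed on upload.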
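Review bot: dropping the `if (!get_magic_quotes_gpc())` guard in `sec_addESC()` changes behaviour when magic_quotes_gpc is on: input PHP has already escaped now goes through `mysql_real_escape_string()` a second time, so a value such as O'Brien ends up stored as O\'Brien. Either keep the guard or strip the magic-quotes escaping first, e.g. `$var = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($var) : $var);`. Two caveats on the replacement itself: `mysql_real_escape_string()` needs an open MySQL connection at the time `sec_addESC()` runs (without one it returns false, which becomes an empty string in the query), and it only closes the multibyte hole the changelog describes if the connection character set is set through `mysql_set_charset()` rather than a `SET NAMES` statement, because that is what tells the client library which encoding to escape under.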
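The point the report makes, as an added illustration that is not part of the bug report, the NMU patch or the auth2db code: Python stand-in models of PHP's addslashes() and of a connection-charset-aware escape (the property mysql_real_escape_string() has once the connection charset is set), plus an audit helper that says which charsets let a byte-level escape fail. All function names, the charset list and the sample value are constructed for this example.

```python
"""
Why a byte-oriented addslashes() is not a safe SQL escape under a multibyte
connection charset, and what a charset-aware escape does differently.

Added example in Python: stand-in models of PHP's addslashes() and of a
connection-charset-aware escape, not code from auth2db or from the NMU patch.
"""


def addslashes(data: bytes) -> bytes:
    """Byte-for-byte model of PHP's addslashes(): put a backslash (0x5C) in
    front of every quote, double quote, backslash and NUL byte.  It never
    looks at the character encoding, which is the root of the problem."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def charset_aware_escape(data: bytes, charset: str) -> bytes:
    """Model of an escape that knows the connection charset: decode first,
    escape per *character*, then re-encode.  Input that is not valid in the
    charset raises UnicodeDecodeError instead of being passed through."""
    text = data.decode(charset)  # strict: malformed input is rejected
    table = {ord("'"): "\\'", ord('"'): '\\"', ord("\\"): "\\\\", 0: "\\0"}
    return text.translate(table).encode(charset)


def quotes_are_escaped(escaped: bytes, charset: str) -> bool:
    """Look at the escaped bytes the way the server will: decode them under
    the connection charset and require that every quote is preceded by a
    backslash character (a backslash consumes whatever follows it)."""
    text = escaped.decode(charset, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2
            continue
        if text[i] in ("'", '"'):
            return False
        i += 1
    return True


def absorbing_lead_byte(charset: str):
    """Audit helper: return a lead byte that, followed by 0x5C, forms one
    valid character in this charset, or None if no such byte exists.  When
    one exists, the backslash addslashes() inserts can be swallowed into the
    preceding character, leaving the quote bare.  UTF-8 has none (every byte
    of a multibyte sequence is >= 0x80); GBK, Big5 and Shift_JIS do."""
    for lead in range(0x80, 0x100):
        try:
            if len(bytes([lead, 0x5C]).decode(charset)) == 1:
                return lead
        except UnicodeDecodeError:
            continue
    return None


def addslashes_protects(data: bytes, charset: str) -> bool:
    """Does addslashes() leave no bare quote once the server decodes it?"""
    return quotes_are_escaped(addslashes(data), charset)


def aware_escape_protects(data: bytes, charset: str) -> bool:
    """Same question for the charset-aware escape; malformed input is
    rejected before any query is built, which counts as protected."""
    try:
        escaped = charset_aware_escape(data, charset)
    except UnicodeDecodeError:
        return True
    return quotes_are_escaped(escaped, charset)


if __name__ == "__main__":
    for cs in ("utf-8", "latin-1", "euc-kr", "gbk", "big5", "shift_jis"):
        verdict = "safe" if absorbing_lead_byte(cs) is None else "UNSAFE"
        print(f"addslashes under {cs:<9}: {verdict}")
    # Constructed sample: a GBK name containing a quote escapes fine either
    # way, because the backslash lands after a complete character.
    name = "李'x".encode("gbk")
    print("addslashes on a well-formed GBK value:", addslashes_protects(name, "gbk"))
    # Counterexample from the audit: a lone lead byte directly before a quote.
    probe = bytes([absorbing_lead_byte("gbk"), 0x27])
    print("addslashes on the audit counterexample:", addslashes_protects(probe, "gbk"))
    print("charset-aware escape on it (rejected):", aware_escape_protects(probe, "gbk"))
```

Running it prints a verdict per charset and then the two comparisons. The practical consequence for the patch: mysql_real_escape_string() behaves like the charset-aware model only when the connection's character set is set through the client API (mysql_set_charset() in PHP) rather than with a SET NAMES query, and it needs an open connection at the time sec_addESC() is called; prepared statements with bound parameters avoid the escaping question altogether.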