reopen 369359 thanks Hi Jaldhar!
I'm terribly sorry, but during backporting the upstream patch I made a mistake. Can you please apply the attached debdiff on top of the current package to unbreak mysql auth? Please see https://launchpad.net/bugs/49601 for details. Thank you! Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
diff -u dovecot-1.0.beta3/debian/changelog dovecot-1.0.beta3/debian/changelog --- dovecot-1.0.beta3/debian/changelog +++ dovecot-1.0.beta3/debian/changelog @@ -1,3 +1,10 @@ +dovecot (1.0.beta3-3ubuntu5.2) dapper-security; urgency=low + + * debian/patches/sql_escape.dpatch: Supply the correct mysql connection + argument to mysql_real_escape_string(). Closes: LP#49601. + + -- Martin Pitt <[EMAIL PROTECTED]> Tue, 13 Jun 2006 17:33:49 +0000 + dovecot (1.0.beta3-3ubuntu5.1) dapper-security; urgency=low * SECURITY UPDATE: SQL injection with certain client character encodings. diff -u dovecot-1.0.beta3/debian/patches/sql_escape.dpatch dovecot-1.0.beta3/debian/patches/sql_escape.dpatch --- dovecot-1.0.beta3/debian/patches/sql_escape.dpatch +++ dovecot-1.0.beta3/debian/patches/sql_escape.dpatch @@ -247,7 +247,7 @@ + /* All the connections should be identical, so just use the first one */ + conn = buffer_get_modifyable_data(db->connections, &size); + to = t_buffer_get(len * 2 + 1); -+ len = mysql_real_escape_string(&conn[0], to, string, len); ++ len = mysql_real_escape_string(conn->mysql, to, string, len); + t_buffer_alloc(len + 1); + return to; +}
signature.asc
Description: Digital signature
