Package: slash
Severity: grave
Tags: security
Justification: user security hole

Hi

A possible SQL injection vulnerability was discovered in slash.
The vulnerability was an SQL injection. Its effect was to allow a user
with no special authorization to read any information from any table the
Slash site's mysql user was authorized to read (which may include other
databases, including information_schema).

More information can be found here[0].

The upstream patch can be found here[1].

Cheers
Steffen

[0]: http://www.slashcode.com/article.pl?sid=08/01/07/2314232

[1]: http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225


