Steffen Joeris wrote: > Package: courier-authlib > Severity: grave > Tags: security, patch > Justification: user security hole > > Hi > > It was announced that courier-authlib suffers from a sql injection > vulnerability with MySQL databases that use non-Latin character > sets. > For more information see this link[0]. There is also a follow-up here[1]. > A CVE id is already requested and will be added to this bugreport, once > it is available. > > The patch is attached, please review and consider including it.
This problem fixed in courier-authlib 0.60.6, so the patch from upstream should be used (if different). I'm off for social event now, you can upload a NMU if you like. Regards Racke -- LinuXia Systems => http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP => http://www.icdevgroup.org/ Interchange Development Team -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]