Steffen Joeris wrote:
> Package: courier-authlib
> Severity: grave
> Tags: security, patch
> Justification: user security hole
>
> Hi
>
> It was announced that courier-authlib suffers from a sql injection
> vulnerability with MySQL databases that use non-Latin character
> sets.
> For more information see this link[0]. There is also a follow-up here[1].
> A CVE id is already requested and will be added to this bugreport, once
> it is available.
>
> The patch is attached, please review and consider including it.
This problem fixed in courier-authlib 0.60.6, so the patch from upstream
should be used (if different). I'm off for social event now, you can
upload a NMU if you like.
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
