[Bug 657473] Re: It looks like you could make SQL injection with $_POST['host'] or some other variables.
** Changed in: smbind (Ubuntu) Status: Incomplete = Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/657473 Title: It looks like you could make SQL injection with $_POST['host'] or some other variables. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/smbind/+bug/657473/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 657473] Re: It looks like you could make SQL injection with $_POST['host'] or some other variables.
Jamie, yes I notified them two years ago: http://sourceforge.net/tracker/?func=detailaid=3083361group_id=101135atid=629100 ** Bug watch added: SourceForge.net Tracker #3083361 http://sourceforge.net/support/tracker.php?aid=3083361 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/657473 Title: It looks like you could make SQL injection with $_POST['host'] or some other variables. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/smbind/+bug/657473/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 657473] Re: It looks like you could make SQL injection with $_POST['host'] or some other variables.
Has upstream been notified? ** Changed in: smbind (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/657473 Title: It looks like you could make SQL injection with $_POST['host'] or some other variables. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/smbind/+bug/657473/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 657473] Re: It looks like you could make SQL injection with $_POST['host'] or some other variables.
Hi, On 02/05/2011 12:30 AM, Kees Cook wrote: Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: smbind (Ubuntu) Status: New = Confirmed ** Changed in: smbind (Ubuntu) Importance: Undecided = Medium ** Visibility changed to: Public Before making it public, an email to the Debian maintainer or better to the Debian Security team would be appreciated. Cheers, Giuseppe. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/657473 Title: It looks like you could make SQL injection with $_POST['host'] or some other variables. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 657473] Re: It looks like you could make SQL injection with $_POST['host'] or some other variables.
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/657473 Title: It looks like you could make SQL injection with $_POST['host'] or some other variables. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 657473] Re: It looks like you could make SQL injection with $_POST['host'] or some other variables.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: smbind (Ubuntu) Status: New = Confirmed ** Changed in: smbind (Ubuntu) Importance: Undecided = Medium ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/657473 Title: It looks like you could make SQL injection with $_POST['host'] or some other variables. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs