Bug#323052: pam-pgsql: FTBFS: libpq-fe.h: No such file or directory

2005-08-14 Thread Primoz Bratanic
Thank you for your report. I'm waiting for my sponsor to get back from vacation. Then I'll be able to upload a version compatible with the new directory structure of the postgresql libraries in Debian. Regards, Primoz Bratanic On Sun, 2005-08-14 at 14:22 +0200, Andreas Jochens wrote: >

Bug#308031: mailutils: woody is affected too

2005-05-12 Thread Primoz Bratanic
Package: mailutils Followup-For: Bug #308031 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Woody is affected too. Just check MySql/MySql.c (just that there is no escaping ... ) - -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimenta

Bug#308031: mailutils: sql injection vulnerability in sql authentication module

2005-05-07 Thread Primoz Bratanic
ection. Solution: add \ to list of characters to be escaped. Primoz Bratanic - -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-686-smp Locale: LANG=en_US.UT

Bug#307796: xtradius: sql injection in authmysql

2005-05-05 Thread Primoz Bratanic
Package: xtradius Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 There is no user input verification whatsoever. In /contrib/authmysql/authmysql.c the username supplied by the user is fed directly to the database. Primoz Bratanic

Bug#307784: pam-pgsql: CAN-2004-0366

2005-05-05 Thread Primoz Bratanic
regarding sql injection problem with changing password (easy impact would be changing uid to 0 ... root compromise). Primoz Bratanic - -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686)

Bug#290833: dbmail-pgsql: Inconsistent escaping of user supplied data in dbauthpgsql.c

2005-01-16 Thread Primoz Bratanic
Package: dbmail-pgsql Version: 1.2.11 Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In pgsql/dbauthpgsql.c escaping is not consistent. Sometimes username and other user supplied values are escaped and sometimes like in: aut