Bug#308031: mailutils: sql injection vulnerability in sql authentication module

2005-05-13 Thread Russ Allbery
tags 308031 patch thanks I'm not sure that this is a lot of help, as the fix really is as straightforward as stated in the original report, but at least this is another pair of eyes looking at it. This fix looks good to me, and I've confirmed that the package still builds, although I'm not in a p

Processed: Re: Bug#308031: mailutils: sql injection vulnerability in sql authentication module

2005-05-13 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > tags 308031 patch Bug#308031: mailutils: sql injection vulnerability in sql authentication module Tags were: sid sarge woody security Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tr

Bug#308031: mailutils: sql injection vulnerability in sql authentication module

2005-05-07 Thread Primoz Bratanic
Package: mailutils Severity: grave Tags: security Justification: user security hole -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In /auth/sql.c there is a function sql_escape_string (...) which does escaping of "bad" characters before feeding them to DB. The problem is that function only escapes