oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request: courier-authlib < 0.62.0 SQL Injection

From: Pierre-Yves Rofes <py () gentoo org>
Date: Tue, 10 Mar 2009 23:46:37 +0100
Hi,


From Changelog:


"0.62.0
2008-12-17  Sam Varshavchik  <mrsam () courier-mta com>

* authpgsqllib.c: Use PQescapeStringConn() instead of removing all
 apostrophes from query parameters. This fixes a potential SQL injection
 vulnerability if the Postgres database uses a non-Latin locale."

References:
http://www.courier-mta.org/authlib/changelog.html
http://bugs.gentoo.org/show_bug.cgi?id=252576


Thanks,


-- 
Pierre-Yves Rofes
Gentoo Linux Security Team
Previous By Date Next
Previous By Thread Next

Current thread: