[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-mailutils] SQL injection vulnerability in mailutils
From: |
Jordi Mallach |
Subject: |
[bug-mailutils] SQL injection vulnerability in mailutils |
Date: |
Wed, 18 May 2005 13:38:14 +0200 |
User-agent: |
Mutt/1.5.9i |
Hello team,
I'm very sorry I didn't report this before, as I should have.
A week ago, Primoz reported a vulnerability in the SQL authentication
module in mailutils.
The details are in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031
The patch that was applied for Debian sarge (woody, luckily, wasn't
affected as it wasn't compiling this code at that time) is attached.
Thanks,
Jordi
--
Jordi Mallach P�rez -- Debian developer http://www.debian.org/
address@hidden address@hidden http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/
02_sql_injection.patch
Description: Text document
signature.asc
Description: Digital signature
- [bug-mailutils] SQL injection vulnerability in mailutils,
Jordi Mallach <=