[bug-mailutils] SQL injection vulnerability in mailutils

bug-mailutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-mailutils] SQL injection vulnerability in mailutils

From:	Jordi Mallach
Subject:	[bug-mailutils] SQL injection vulnerability in mailutils
Date:	Wed, 18 May 2005 13:38:14 +0200
User-agent:	Mutt/1.5.9i

Hello team,

I'm very sorry I didn't report this before, as I should have.

A week ago, Primoz reported a vulnerability in the SQL authentication
module in mailutils.

The details are in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031

The patch that was applied for Debian sarge (woody, luckily, wasn't
affected as it wasn't compiling this code at that time) is attached.

Thanks,
Jordi
-- 
Jordi Mallach P�rez  --  Debian developer     http://www.debian.org/
address@hidden     address@hidden     http://www.sindominio.net/
GnuPG public key information available at http://oskuro.net/

02_sql_injection.patch
Description: Text document

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-mailutils] SQL injection vulnerability in mailutils, Jordi Mallach <=
- Re: [bug-mailutils] SQL injection vulnerability in mailutils, Jordi Mallach, 2005/05/18
  - Re: [bug-mailutils] SQL injection vulnerability in mailutils, Sergey Poznyakoff, 2005/05/19
- Re: [bug-mailutils] SQL injection vulnerability in mailutils, Sergey Poznyakoff, 2005/05/19

Prev by Date: Re: Bug#309391: [bug-mailutils] Bug#309391: /etc/mail.rc: show CC by default
Next by Date: Re: [bug-mailutils] SQL injection vulnerability in mailutils
Previous by thread: [bug-mailutils] Mailutils version 0.6.90
Next by thread: Re: [bug-mailutils] SQL injection vulnerability in mailutils
Index(es):
- Date
- Thread