Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 11 Mar 2009 12:04:21 +1100
From: Steffen Joeris <>
Cc: Pierre-Yves Rofes <>
Subject: Re: CVE Request: courier-authlib < 0.62.0 SQL Injection

Hi Pierre-Yves

> From Changelog:
> "0.62.0
> 2008-12-17  Sam Varshavchik  <>
> * authpgsqllib.c: Use PQescapeStringConn() instead of removing all
>  apostrophes from query parameters. This fixes a potential SQL injection
>  vulnerability if the Postgres database uses a non-Latin locale."
> References:
This should be CVE-2008-2380.


Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.