Summary: | <dev-ml/ocaml-mysql-1.1.1: Missing escape function (CVE-2009-2942) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Martin Alexander Neumann <hotpotatorouting> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ml |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.auscert.org.au/render.html?it=11808 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Martin Alexander Neumann
2009-10-15 17:42:40 UTC
Sorry arches.

CVE-2009-2942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2942): The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Why on earth is this one still unhandled... x86 team, please test and stabilize =dev-ml/ocaml-mysql-1.1.1.

(In reply to Chris Reffett from comment #3)
> Why on earth is this one still unhandled... x86 team, please test and
> stabilize =dev-ml/ocaml-mysql-1.1.1.

ppc too

Anyway, why C3?

Don't ask me, I didn't sort it.

ppc stable

x86 stable

GLSA vote: no.

GLSA vote: no.

Closing noglsa.
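The escaping problem named in the CVE text above, as an added example that is not part of this bug report or of the mysql-ocaml code: a simplified Python model comparing byte-wise escaping with escaping that knows the connection charset. The GBK charset, the function names and the sample input are assumptions made for illustration.

```python
# Added illustration: a simplified model of the escaping problem named in the
# CVE text. Function names are hypothetical, not the mysql-ocaml or MySQL API.
SPECIAL = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
           0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\"}

def gbk_pair(buf: bytes, i: int) -> bool:
    """True if buf[i:i+2] has the shape of a two-byte GBK character."""
    return (0x81 <= buf[i] <= 0xFE and i + 1 < len(buf)
            and 0x40 <= buf[i + 1] <= 0xFE and buf[i + 1] != 0x7F)

def escape_bytewise(data: bytes) -> bytes:
    """Charset-unaware escaping: each byte is judged on its own."""
    return b"".join(SPECIAL.get(b, bytes([b])) for b in data)

def escape_gbk_aware(data: bytes) -> bytes:
    """Escaping that knows the connection charset is GBK (assumed here)."""
    out, i = bytearray(), 0
    while i < len(data):
        if gbk_pair(data, i):              # complete character: copy it whole
            out += data[i:i + 2]
            i += 2
            continue
        b = data[i]
        if 0x81 <= b <= 0xFE:              # stray lead byte: escape it so it
            out += b"\\" + bytes([b])      # cannot absorb a following backslash
        else:
            out += SPECIAL.get(b, bytes([b]))
        i += 1
    return bytes(out)

def unescaped_quotes(sql_bytes: bytes) -> int:
    """Count single quotes a GBK-decoding parser would treat as unescaped."""
    count, i = 0, 0
    while i < len(sql_bytes):
        if gbk_pair(sql_bytes, i) or sql_bytes[i] == 0x5C:
            i += 2                         # two-byte char, or backslash + escaped byte
            continue
        count += sql_bytes[i] == 0x27
        i += 1
    return count

# Constructed input: a GBK lead byte followed by an ASCII single quote.
SAMPLE = b"\xbf'"

if __name__ == "__main__":
    for name, fn in (("bytewise", escape_bytewise), ("gbk-aware", escape_gbk_aware)):
        escaped = fn(SAMPLE)
        print(f"{name:10} {escaped.hex(' ')}  unescaped quotes: {unescaped_quotes(escaped)}")
```

In the byte-wise result the inserted backslash becomes the trail byte of a two-byte character, so the quote is left standing alone; parameterized queries avoid the issue by not relying on escaping.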