Summary: | net-mail/mailutils sql injection | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | net-mail+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Other | ||
URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031 | ||
Whiteboard: | B3? [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-06-02 07:15:35 UTC
Yep, files/mailutils-SQLinjection.patch fixes it. Cheers, Ferdy Thx Ferdy, this seems to be ready for GLSA decision. I tend to vote NO. This is CAN-2005-1824. I tend to vote YES. It probably allows to create mail accounts by SQL injection ? yes vote seems to only be an issue with mysql or postgres in USE ... so i think we should have a GLSA, just make sure to note that requirement GLSA 200506-02 |