It was discovered that mysql-ocaml, OCaml bindings for MySQL, was missing a function to call mysql_real_escape_string(). This is needed because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. Developers using these bindings are encouraged to adjust their code to use the new function.
Reproducible: Always
Sorry arches.
CVE-2009-2942 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2942): The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
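Added example, not part of the bug report or of mysql-ocaml: a simplified Python model of why escaping has to know the connection charset, as the description and the CVE text above state. It assumes GBK as the multibyte encoding (the report names none), uses constructed sample inputs, and its function names are hypothetical; it is not libmysqlclient's implementation.

```python
# Added example: simplified GBK model, not libmysqlclient's code.
SPECIAL = b"\\'\""            # bytes both escapers prefix with a backslash
BACKSLASH, QUOTE = 0x5C, 0x27

def is_lead(b):               # GBK lead byte range
    return 0x81 <= b <= 0xFE

def is_trail(b):              # GBK trail byte range; it includes 0x5C
    return 0x40 <= b <= 0xFE and b != 0x7F

def is_pair(data, i):
    """True if data[i:i+2] forms one two-byte GBK character."""
    return is_lead(data[i]) and i + 1 < len(data) and is_trail(data[i + 1])

def escape_bytewise(data):
    """Charset-unaware escaping: inspects single bytes only."""
    out = bytearray()
    for b in data:
        if b in SPECIAL:
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def escape_gbk_aware(data):
    """Charset-aware escaping: copies whole characters, escapes stray lead bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        if is_pair(data, i):
            out += data[i:i + 2]
            i += 2
            continue
        if is_lead(data[i]) or data[i] in SPECIAL:
            out.append(BACKSLASH)   # a stray lead byte cannot absorb what follows
        out.append(data[i])
        i += 1
    return bytes(out)

def bare_quotes(escaped):
    """Count quotes a GBK-aware reader would treat as unescaped."""
    n, i = 0, 0
    while i < len(escaped):
        if is_pair(escaped, i) or escaped[i] == BACKSLASH:
            i += 2                  # skip one character or one escape sequence
        else:
            n += int(escaped[i] == QUOTE)
            i += 1
    return n

# Constructed inputs: plain ASCII, a valid GBK character, a stray lead byte.
SAMPLES = [b"O'Reilly", b"\xd6\xd0'", b"\xbf' x"]
```

Running both escapers over `SAMPLES` and passing the results to `bare_quotes` shows that only the charset-aware version returns 0 for every input.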
Why on earth is this one still unhandled... x86 team, please test and stabilize =dev-ml/ocaml-mysql-1.1.1.
(In reply to Chris Reffett from comment #3)
> Why on earth is this one still unhandled... x86 team, please test and
> stabilize =dev-ml/ocaml-mysql-1.1.1.

ppc too

Anyway, why C3?
Don't ask me, I didn't sort it.
ppc stable
x86 stable
GLSA vote: no.
GLSA vote: no. Closing noglsa.