Two SQL injection vulnerabilities have been found in courier-authlib,
the courier authentification library. The MySQL database interface used
insufficient escaping mechanisms when constructing SQL statements,
leading to SQL injection vulnerabilities if certain charsets are used
(CVE-2008-2380). A similar issue affects the PostgreSQL database
interface (CVE-2008-2667).
For the stable distribution (etch), these problems have been fixed in
version 0.58-4+etch2.
For the testing distribution (lenny) and the unstable distribution
(sid), these problems have been fixed in version 0.61.0-1+lenny1.
We recommend that you upgrade your courier-authlib packages.
CPE | Name | Operator | Version |
---|---|---|---|
courier-authlib | eq | 0.58-4 |