Hi, http://patches.ubuntu.com/patches/exim4.sql_quote_escaping.diff is a quick band aid patch (minimally intrusive) suitable for a sarge security update. It also fixes the same issue for the mysql backend. However, in Sid exim4 should still be changed to use PQescapeStringConn() and mysql_real_escape().
Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
signature.asc
Description: Digital signature
