Package: src:dtc Version: 0.32.10-2 Severity: critical Tags: security upstream
SQL injection in the package installer: $q = "SELECT DISTINCT db.Db,db.User FROM mysql.user,mysql.db WHERE user.dtcowner='$adm_login' AND db .User=user.User AND db.Db='".$_REQUEST["database_name"]."';"; Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
