Hi, I just want to mention that there are many other SQL injection bugs in this package. The one I mentioned in the initial bug report is actually just an example.
This is also not fixed in the "new" upstream release (which is also older than six years now). Considering that the package is no longer maintained upstream and has several serious issues, maybe this package should be removed from Debian? Regards, Ansgar -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org