Bug#323052: pam-pgsql: FTBFS: libpq-fe.h: No such file or directory

2005-08-14 Primoz Bratanic
Thank you for your report. I'm waiting for my sponsor to get back from vacation. Then I'll be able to upload a version compatible with the new directory structure of postgresql libraries in Debian. Regards, Primoz Bratanic On Sun, 2005-08-14 at 14:22 +0200, Andreas Jochens wrote: Package: pam-pgsql

Bug#308031: mailutils: sql injection vulnerability in sql authentication module

2005-05-07 Primoz Bratanic
characters ' and (strchr ('\, *p)), but not \ . Which results in problems like ... username = foo\' something being escaped to username = foo \\' something which makes \ character literal but allows escape and subsequent injection. Solution: add \ to list of characters to be escaped. Primoz

Bug#307784: pam-pgsql: CAN-2004-0366

2005-05-05 Primoz Bratanic
regarding sql injection problem with changing password (easy impact would be changing uid to 0 ... root compromise). Primoz Bratanic -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.10

Bug#307796: xtradius: sql injection in authmysql

2005-05-05 Primoz Bratanic
Package: xtradius Severity: grave Tags: security Justification: user security hole There is no user input verification whatsoever. In /contrib/authmysql/authmysql.c the username supplied by the user is fed directly to the database. Primoz Bratanic