Viewing all changes in revision 4.
- Committer: Bazaar Package Importer
- Date: 2006-06-02 10:45:15 UTC
- Revision ID: james.westby@ubuntu.com-20060602104515-hv6t9m5e33r9vrek
* SECURITY UPDATE: SQL injection with certain client character encodings.
* src/lib/strescape.c, str_escape(): Escape ' as '', not as \'. In this
version, this function is still only used for escaping database queries,
so this does not break anything else.
* CVE-2006-2314
* src/lib/strescape.c, str_escape(): Escape ' as '', not as \'. In this
version, this function is still only used for escaping database queries,
so this does not break anything else.
* CVE-2006-2314
- files modified:
- debian/changelog
expand all
collapse all
added
removed
