-
Committer:
Bazaar Package Importer
-
Author(s):
Martin Pitt
-
Date:
2006-06-02 11:03:31 UTC
-
Revision ID:
james.westby@ubuntu.com-20060602110331-gi7kyfs2hsh3zqbm
Tags: 0.99.13-3ubuntu0.1
* SECURITY UPDATE: SQL injection with certain client character encodings.
* src/lib/strescape.c, str_escape(): Escape ' as '', not as \'. In this
version, this function is still only used for escaping database queries,
so this does not break anything else.
* CVE-2006-2314