Viewing all changes in revision 3.
- Committer: Bazaar Package Importer
- Date: 2006-06-02 11:03:31 UTC
- Revision ID: james.westby@ubuntu.com-20060602110331-gi7kyfs2hsh3zqbm
* SECURITY UPDATE: SQL injection with certain client character encodings.
* src/lib/strescape.c, str_escape(): Escape ' as '', not as \'. In this
version, this function is still only used for escaping database queries,
so this does not break anything else.
* CVE-2006-2314
* src/lib/strescape.c, str_escape(): Escape ' as '', not as \'. In this
version, this function is still only used for escaping database queries,
so this does not break anything else.
* CVE-2006-2314
- files modified:
- debian/changelog
expand all
collapse all
added
removed
