severity 307796 normal
thanks

> Package: xtradius
> Severity: grave
> Tags: security
> Justification: user security hole
>
> There is no user input verification whatsoever. In
> /contrib/authmysql/authmysql.c username supplied by user is fed directly
> to database.

Er, unless I'm missing something, that code not only isn't built by default
but doesn't even compile without hacking, and is not included in the .deb
built by the package. I agree that it should still be fixed, but I don't
see the justification for a grave severity or making the bug RC.

--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>