Bug#323052: pam-pgsql: FTBFS: libpq-fe.h: No such file or directory

2005-08-14 Thread Primoz Bratanic
Thank you for your report. I'm waiting for my sponsor to get back from vacation. Then I'll be able to upload version compatible with new directory structure of postgresql libraries in Debian. Regards, Primoz Bratanic On Sun, 2005-08-14 at 14:22 +0200, Andreas Jochens wrote: >

Bug#308031: mailutils: woody is affected too

2005-05-15 Thread Primoz
Hello, > I don't think this will need a DSA. Please double-check! Default compile option is without mysql and you didn't change that (so your binaries are not vulnerable, even if source is) Primoz

Bug#308031: mailutils: woody is affected too

2005-05-12 Thread Primoz Bratanic
Package: mailutils Followup-For: Bug #308031 Woody is affected too. Just check MySql/MySql.c (just that there is no escaping ... ) -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimenta

Bug#308031: mailutils: sql injection vulnerability in sql authentication module

2005-05-07 Thread Primoz Bratanic
ection. Solution: add \ to list of characters to be escaped. Primoz Bratanic -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-686-smp Locale: LANG=en_US.UT

Bug#307784: pam-pgsql: CAN-2004-0366

2005-05-07 Thread Primoz
On Sat, 2005-05-07 at 13:48 +0200, Micha Lenk wrote: > Severity #307366 Grave > Merge #307784 #307366 > Thanks dear bugtracking system. > > On Fri, May 06, 2005 at 09:10:17PM +0200, Primoz wrote: > > Is there a way to revert the upload to the NMUed one (which had security >

Bug#307784: pam-pgsql: CAN-2004-0366

2005-05-06 Thread Primoz
Is there a way to revert the upload to the NMUed one (which had security problems fixed), so package stays in sarge. I would need at least a week to 14 days to port pam-mysql to pgsql (which seems like the best way to go). Primoz On Fri, 2005-05-06 at 16:03 +0200, Joerg Wendland wrote: > On

Bug#307784: pam-pgsql: CAN-2004-0366

2005-05-06 Thread Primoz
> On Thu, May 05, 2005 at 03:41:13PM +0200, Primoz Bratanic wrote: > > Package: pam-pgsql > > Severity: critical > > Tags: security > > Justification: root security hole > > > The problem reported in BUG#230875 and marked as fixed (NMU upload) was open >

Bug#307796: xtradius: sql injection in authmysql

2005-05-05 Thread Primoz Bratanic
Package: xtradius Severity: grave Tags: security Justification: user security hole There is no user input verification whatsoever. In /contrib/authmysql/authmysql.c username supplied by user is fed directly to database. Primoz Bratanic

Bug#307784: pam-pgsql: CAN-2004-0366

2005-05-05 Thread Primoz Bratanic
regarding sql injection problem with changing password (easy impact would be changing uid to 0 ... root compromise). Primoz Bratanic -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686)

Bug#290833: dbmail-pgsql: Inconsistent escaping of user supplied data in dbauthpgsql.c

2005-01-16 Thread Primoz Bratanic
t and I'll resubmit it when I finish PoC. Best regards, Primoz -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-686 Locale: LANG=en_US.UTF-8,