[Dapper only] CVE-2006-4041: Pike Unspecified SQL Injection Vulnerability
Bug #58169 reported by Cody A.W. Somerville
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Debian | Fix Released | Unknown | | |
pike7.2 (Ubuntu) | Won't Fix | Undecided | Unassigned | |
pike7.4 (Ubuntu) | Won't Fix | Undecided | Unassigned | |
pike7.6 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Hoary | Fix Released | Medium | Martin Pitt | |
Dapper | Fix Released | Medium | Unassigned | |
Bug Description
Summary: Not escaping query strings can possibly result in SQL injection for apps that use pike+postgresql.
I believe that this also applies to pike7.4, and pike 7.2.
This has been fixed upstream and is not found in version 7.6.87.
I think 7.6.87 is in Edgy and can be backported to correct this issue.
http://
http://
P.S. This is my first bug report - sorry if I've made any mistakes in reporting this.
CVE References
Changed in pike7.6: status: Confirmed → In Progress
Changed in pike7.6: assignee: kamion → nobody
I'm not sure if a patch is available yet for the 7.4 branch.