Re: inactivity, and orphaned packages

To: debian-devel@lists.debian.org
Subject: Re: inactivity, and orphaned packages
From: Leon Breedt <ljb@neverborn.ORG>
Date: Wed, 9 Jan 2002 12:42:07 +0200
Message-id: <[🔎] 20020109124207.C23577@hive.spyder.web.za>

On Wed, Jan 09, 2002 at 02:16:19AM -0800, David D.W. Dowey wrote:
> I'm willing to take the libpam-pgsql if you are willing to assign it to me.
Go for it. If you want to take ownership of the code, I'd be very happy
as well :)

There is a security problem with the way it accesses the database, in that
single quotes are not escaped.

A discussion of the problem, and a suggested fix, is here:

http://cert.uni-stuttgart.de/advisories/apache_auth.php

I myself don't have the time to look into this...

Regards,
Leon.

Reply to:

Follow-Ups:
- Re: inactivity, and orphaned packages
  - From: "David D.W. Dowey" <david-downey@citlink.net>
- Re: inactivity, and orphaned packages
  - From: Joerg Wendland <joergland@debian.org>

Prev by Date: Re: [wish] buildd.debian.org that shows success/failure
Next by Date: Re: We still need sponsors!
Previous by thread: Re: inactivity, and orphaned packages
Next by thread: Re: inactivity, and orphaned packages
Index(es):
- Date
- Thread