
Re: inactivity, and orphaned packages



This problem looks to be in the libpq itself, not the pam library module
itself.

I could probably extend the module to include the escape check itself.
Shouldn't hurt any queries adding that check before making submissions,
whether this patch has been added or not.

Simple check for formatting should do it.

Want to discuss this fix privately or on the list? Or do you just want me to
take the package and fix on my own?

Also, who would be sponsoring my package once I took this over? Would you be
doing it or do I need to make a request for a different sponsor?

Either is fine for me. All depends on _your_ time allowance.

> There is a security problem with the way it accesses the database, in that
> single quotes are not escaped.
>
> A discussion of the problem, and a suggested fix, is here:
>
> http://cert.uni-stuttgart.de/advisories/apache_auth.php
>
> I myself don't have the time to look into this...
>
> Regards,
> Leon.
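
Editor's added example, not part of this message and not the module's own code: one way a pre-submission "formatting check" plus single-quote escaping could look in a C module that builds its SQL as a string. The function names, the 32-character limit, and the `accounts`/`username`/`password` query shape are assumptions made for illustration; where libpq is linked, its own `PQescapeStringConn` or a parameterized `PQexecParams` call is the preferred route.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Allowlist check: 1..32 characters drawn from [A-Za-z0-9._-] (assumed policy). */
int pam_user_is_well_formed(const char *user)
{
    size_t n = strlen(user);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++) {
        char c = user[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok) return 0;
    }
    return 1;
}

/* Double each single quote so the value cannot close the SQL literal.
 * Backslashes are refused outright because their meaning depends on the
 * server's string-literal settings. Returns escaped length, or -1. */
long sql_quote_escape(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        if (*in == '\\') return -1;
        size_t need = (*in == '\'') ? 2 : 1;
        if (o + need + 1 > outsz) return -1;   /* keep room for the NUL */
        if (*in == '\'') out[o++] = '\'';
        out[o++] = *in;
    }
    out[o] = '\0';
    return (long)o;
}

/* Hypothetical lookup query: validate first, escape anyway as a second layer. */
int build_lookup_query(const char *user, char *out, size_t outsz)
{
    char esc[2 * 32 + 1];
    if (!pam_user_is_well_formed(user)) return -1;
    if (sql_quote_escape(user, esc, sizeof esc) < 0) return -1;
    int n = snprintf(out, outsz,
        "SELECT password FROM accounts WHERE username = '%s'", esc);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}
```
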



