October 15, 2009

Mandriva Linux Security Advisory 2009:279: ocaml-mysql

A vulnerability has been found and corrected in ocaml-mysql:

It was discovered that mysql-ocaml, OCaml bindings for MySQL,
was missing a function to call mysql_real_escape_string(). This
is needed because mysql_real_escape_string() honours the charset
of the connection and prevents insufficient escaping when certain
multibyte character encodings are used. The added function is called
real_escape() and takes the established database connection as its first
argument. The old escape_string() was kept for backwards compatibility.

This update fixes this vulnerability...
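
The following is an added illustration, not code from ocaml-mysql or the MySQL client library. It is a simplified byte-level model of why escaping has to know the connection charset. It assumes GBK as the multibyte encoding and uses hypothetical function names and a constructed two-byte input.

```python
# Added illustration: a byte-level model, not the ocaml-mysql or libmysqlclient source.
# GBK stands in for the "certain multibyte character encodings" (an assumption).
ESCAPES = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
           0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\"}

def gbk_lead(b):  return 0x81 <= b <= 0xFE
def gbk_trail(b): return 0x40 <= b <= 0x7E or 0x80 <= b <= 0xFE

def escape_charset_blind(data: bytes) -> bytes:
    """Treat every byte as one character (models a charset-unaware escaper)."""
    return b"".join(ESCAPES.get(b, bytes([b])) for b in data)

def escape_gbk_aware(data: bytes) -> bytes:
    """Walk the input character by character under GBK (models a charset-aware escaper)."""
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if gbk_lead(b) and i + 1 < len(data) and gbk_trail(data[i + 1]):
            out += data[i:i + 2]          # complete two-byte character: copy as-is
            i += 2
            continue
        if gbk_lead(b):
            out += b"\\" + bytes([b])     # stray lead byte: escape it so it cannot pair up
        else:
            out += ESCAPES.get(b, bytes([b]))
        i += 1
    return bytes(out)

def unescaped_quotes(escaped: bytes) -> int:
    """Count quotes that a GBK-aware string lexer would treat as terminators."""
    count, i = 0, 0
    while i < len(escaped):
        b = escaped[i]
        if gbk_lead(b) and i + 1 < len(escaped) and gbk_trail(escaped[i + 1]):
            i += 2                        # two-byte character swallows its trail byte
        elif b == 0x5C:
            i += 2                        # backslash escapes the next byte
        else:
            count += b == 0x27
            i += 1
    return count

# Constructed input: a stray GBK lead byte followed by a single quote.
SAMPLE = bytes([0xBF, 0x27])

if __name__ == "__main__":
    for fn in (escape_charset_blind, escape_gbk_aware):
        out = fn(SAMPLE)
        print(f"{fn.__name__}: {out.hex(' ')} -> {unescaped_quotes(out)} bare quote(s)")
```

In the charset-blind output the inserted backslash (0x5c) becomes the second byte of a GBK character, so the quote after it is no longer escaped. The charset-aware output leaves no bare quote.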

