Full Disclosure mailing list archives
GLSA: teapop (200309-18)
From: aliz () gentoo org (Daniel Ahlberg)
Date: Tue, 30 Sep 2003 22:52:30 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200309-18 - - - --------------------------------------------------------------------- PACKAGE : teapop SUMMARY : sql injection DATE : 2003-09-30 20:52 UTC EXPLOIT : remote GENTOO BUG # : 26730 CVE : CAN-2003-0515 - - - --------------------------------------------------------------------- DESCRIPTION teapop suffers from a sql injection in the postgresql and mysql authentication module. SOLUTION it is recommended that all Gentoo Linux users who are running net-mail/teapop upgrade to a fixed version. make sure that the version to be installed is atleast 0.3.7. emerge sync emerge teapop -p emerge teapop emerge clean - - - --------------------------------------------------------------------- aliz () gentoo org - GnuPG key is available at http://dev.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/ee0OfT7nyhUpoZMRAlmhAJ9THOKIyx0nc4azr1m0nr3WL4np0ACgllB6 6ztPlNoz+4lolEgTATKE/so= =Z13m -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- GLSA: teapop (200309-18) Daniel Ahlberg (Sep 30)