oss-sec mailing list archives

CVE request: postfixadmin SQL injection vulnerability


From: Thijs Kinkhorst <thijs () debian org>
Date: Wed, 26 Mar 2014 14:19:52 +0100

Hi,

Postfixadmin has an SQL injection vulnerability. This vulnerability is only 
exploitable by authenticated users able to create new aliases. If the alias 
contains SQL code, the list-virtual.php overview triggers the vulnerability.

The vulnerability was fixed upstream in this commit:
http://sourceforge.net/p/postfixadmin/code/1650

Please assign a CVE name for this issue.


Thanks,

Thijs Kinkhorst
Debian Security Team
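
Added example, not part of the original message and not postfixadmin's code or the upstream fix: the report describes a value that is stored when an alias is created and only becomes part of a query later, when the overview page is rendered. The sketch below reproduces that stored-then-reused pattern in Python with an in-memory SQLite database, next to the parameterized form; the schema, function names and sample values are all hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; the schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE alias (address TEXT, domain TEXT);
        CREATE TABLE mailbox (username TEXT);
        INSERT INTO mailbox VALUES ('info@example.test'), ('ceo@other.test');
    """)
    return db

def create_alias(db, address, domain):
    # Parameterized insert: safe at write time, the text is stored verbatim.
    db.execute("INSERT INTO alias VALUES (?, ?)", (address, domain))

def list_aliases(db, domain):
    rows = db.execute("SELECT address FROM alias WHERE domain = ?", (domain,))
    return [address for (address,) in rows.fetchall()]

def overview_vulnerable(db, domain):
    """Listing page that trusts values read back from its own database."""
    result = {}
    for address in list_aliases(db, domain):
        # Defect: stored alias text is concatenated into a second query.
        sql = "SELECT count(*) FROM mailbox WHERE username = '" + address + "'"
        result[address] = db.execute(sql).fetchone()[0]
    return result

def overview_hardened(db, domain):
    """Same listing, with the stored value bound as a parameter."""
    sql = "SELECT count(*) FROM mailbox WHERE username = ?"
    return {a: db.execute(sql, (a,)).fetchone()[0]
            for a in list_aliases(db, domain)}

def demo():
    db = make_db()
    create_alias(db, "info@example.test", "example.test")
    create_alias(db, "x' OR '1'='1", "example.test")  # constructed alias containing SQL
    return overview_vulnerable(db, "example.test"), overview_hardened(db, "example.test")

if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable:", vulnerable)
    print("hardened:  ", hardened)
```

In the concatenating version the stored alias changes the meaning of the second query, so the count covers every mailbox row; with bound parameters the same stored text is compared as data and matches nothing.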
