MDVSA-2009:279
- Package name
- ocaml-mysql
- Date
- 2009-10-15
- Advisory ID
- MDVSA-2009:279
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in ocaml-mysql:
It was discovered that mysql-ocaml, OCaml bindings for MySql,
was missing a function to call mysql_real_escape_string(). This
is needed, because mysql_real_escape_string() honours the charset
of the connection and prevents insufficient escaping, when certain
multibyte character encodings are used. The added function is called
real_escape() and takes the established database connection as a first
argument. The old escape_string() was kept for backwards compatibility
(CVE-2009-2942).
This update fixes this vulnerability.
Updated packages
MES5 i586
e61bb4eb829250affa5eff14572279ba mes5/i586/ocaml-mysql-1.0.4-9.1mdvmes5.i586.rpm 3b1ee1b2c527f9ee28ad821aac600aed mes5/i586/ocaml-mysql-devel-1.0.4-9.1mdvmes5.i586.rpm 64960c08b893271da2054f9640997ddc mes5/SRPMS/ocaml-mysql-1.0.4-9.1mdvmes5.src.rpm
MES5 x86_64
899111d2a4fe395bd2cef4a743d5636a mes5/x86_64/ocaml-mysql-1.0.4-9.1mdvmes5.x86_64.rpm 5a73d1dabe89856ca97b50efd89330d5 mes5/x86_64/ocaml-mysql-devel-1.0.4-9.1mdvmes5.x86_64.rpm 64960c08b893271da2054f9640997ddc mes5/SRPMS/ocaml-mysql-1.0.4-9.1mdvmes5.src.rpm