Package name
python-sqlalchemy
Date
2012-04-16
Alert ID
MDVSA-2012:059
Affected versions
MES5 i586, 2011 i586, MES5 x86_64, 2011 x86_64

Problem description

It was discovered that SQLAlchemy did not sanitize values for the limit
and offset keywords for SQL select statements. If an application using
SQLAlchemy accepted values for these keywords, and did not filter or
sanitize them before passing them to SQLAlchemy, it could allow an
attacker to perform an SQL injection attack against the application
(CVE-2012-0805).

The updated packages have been patched to correct this issue.
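
The application-side filtering the description refers to can look like the following. This is an added example, not code from the advisory or from SQLAlchemy; the names clean_paging, list_users, MAX_LIMIT and the users table are hypothetical, and it uses the standard-library sqlite3 module so that it runs without SQLAlchemy installed.

```python
import sqlite3

MAX_LIMIT = 100  # assumed application policy, not a value from the advisory


def clean_paging(limit, offset, max_limit=MAX_LIMIT):
    """Return (limit, offset) as bounded non-negative ints or raise ValueError."""
    cleaned = []
    for name, raw in (("limit", limit), ("offset", offset)):
        if isinstance(raw, str):
            text = raw.strip()
            # ASCII decimal digits only: no signs, spaces, or SQL fragments.
            if not (text.isascii() and text.isdigit()):
                raise ValueError(f"{name} must be a decimal integer")
            num = int(text)
        elif isinstance(raw, int) and not isinstance(raw, bool):
            num = raw
        else:
            raise ValueError(f"{name} must be a decimal integer")
        if not 0 <= num <= 2**31 - 1:
            raise ValueError(f"{name} is out of range")
        cleaned.append(num)
    return min(cleaned[0], max_limit), cleaned[1]


def list_users(conn, limit, offset):
    """Hypothetical handler: validate first, then bind the values as parameters."""
    lim, off = clean_paging(limit, offset)
    rows = conn.execute(
        "SELECT name FROM users ORDER BY id LIMIT ? OFFSET ?", (lim, off)
    )
    return [row[0] for row in rows]


def demo():
    """Run the handler on constructed data: one valid and one hostile request."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",), ("carol",)]
    )
    page = list_users(conn, "2", "1")
    try:
        list_users(conn, "1 OR 1=1", "0")  # constructed non-integer input
        rejected = False
    except ValueError:
        rejected = True
    return page, rejected
```

Validation of this kind is still worth keeping after the patched packages are installed, because it also caps the page size a client can request.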

Updated packages

MES5 i586

 2340f4f449c7722c003ed2cec8ccc2c0  mes5/i586/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.noarch.rpm 
 13c7eab8aee943425e5f59ddc73f4732  mes5/SRPMS/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.src.rpm

2011 i586

 9cb0318708e0adc740995c7a80c41c3f  2011/i586/python-sqlalchemy-0.6.6-1.1-mdv2011.0.noarch.rpm 
 95ea238a1945537295f329b77b2d732d  2011/SRPMS/python-sqlalchemy-0.6.6-1.1.src.rpm

MES5 x86_64

 bac0b27a5529c3a010a7b3025e139da4  mes5/x86_64/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.noarch.rpm 
 13c7eab8aee943425e5f59ddc73f4732  mes5/SRPMS/python-sqlalchemy-0.4.7p1-1.1mdvmes5.2.src.rpm

2011 x86_64

 59e60e28100f82e8edcce6a523e5d2a2  2011/x86_64/python-sqlalchemy-0.6.6-1.1-mdv2011.0.noarch.rpm 
 95ea238a1945537295f329b77b2d732d  2011/SRPMS/python-sqlalchemy-0.6.6-1.1.src.rpm

References