Nom du paquet
ocaml-mysql
Date
2009-10-15
Advisory ID
MDVSA-2009:279
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in ocaml-mysql:

It was discovered that mysql-ocaml, OCaml bindings for MySql,
was missing a function to call mysql_real_escape_string(). This
is needed, because mysql_real_escape_string() honours the charset
of the connection and prevents insufficient escaping, when certain
multibyte character encodings are used. The added function is called
real_escape() and takes the established database connection as a first
argument. The old escape_string() was kept for backwards compatibility
(CVE-2009-2942).

This update fixes this vulnerability.

Updated packages

MES5 i586

 e61bb4eb829250affa5eff14572279ba  mes5/i586/ocaml-mysql-1.0.4-9.1mdvmes5.i586.rpm
 3b1ee1b2c527f9ee28ad821aac600aed  mes5/i586/ocaml-mysql-devel-1.0.4-9.1mdvmes5.i586.rpm 
 64960c08b893271da2054f9640997ddc  mes5/SRPMS/ocaml-mysql-1.0.4-9.1mdvmes5.src.rpm

MES5 x86_64

 899111d2a4fe395bd2cef4a743d5636a  mes5/x86_64/ocaml-mysql-1.0.4-9.1mdvmes5.x86_64.rpm
 5a73d1dabe89856ca97b50efd89330d5  mes5/x86_64/ocaml-mysql-devel-1.0.4-9.1mdvmes5.x86_64.rpm 
 64960c08b893271da2054f9640997ddc  mes5/SRPMS/ocaml-mysql-1.0.4-9.1mdvmes5.src.rpm

References