New Debian cyrus-sasl2 2.1.27~101-g0780600+dfsg-3+deb9u2 fixes:

This update addresses the following issue:
* failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
--- mirror/ftp/4.4/unmaintained/4.4-4/source/cyrus-sasl2_2.1.27~101-g0780600+dfsg-3+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/cyrus-sasl2_2.1.27~101-g0780600+dfsg-3+deb9u2.dsc @@ -1,3 +1,10 @@ +2.1.27~101-g0780600+dfsg-3+deb9u2 [Sun, 06 Mar 2022 10:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * Fix _sasl_add_string + * CVE-2022-24407 + Escape password for SQL insert/update commands + 2.1.27~101-g0780600+dfsg-3+deb9u1 [Thu, 19 Dec 2019 23:13:43 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-8/#2883985749125694071>
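Review bot: the `* Fix _sasl_add_string` entry in the new deb9u2 changelog stanza does not say what was wrong with that function or whether it belongs to the CVE-2022-24407 fix or is a separate change. A short description there would help, and the `Escape password for SQL insert/update commands` entry would be easier to trace if it named the patch file or upstream commit that carries the escaping fix, since neither appears in the visible lines.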
OK: yaml
OK: announce_errata
OK: patch
FAIL: piuparts
After purging files have disappeared. OK for erratum.

[4.4-8] 6776e24ea5 Bug #54510: cyrus-sasl2 2.1.27~101-g0780600+dfsg-3+deb9u2
 doc/errata/staging/cyrus-sasl2.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1186>