Gentoo Linux Security Advisory GLSA 200903-25 - An SQL injection vulnerability has been discovered in the Courier Authentication Library. It has been reported that some parameters used in SQL queries are not properly sanitized before being processed when using a non-Latin locale Postgres database. Versions less than 0.62.2 are affected.
4d0a513d35b3808568bc1d1acd29564ad2cb14beaca515b937b3401e5e3f0b3f
Debian Security Advisory 1688-2 - The update of courier-authlib in DSA 1688-1 caused a regression with setups that do not use mail addresses for authentification. This update fixes this regression.
f1c674abc89edfd6995906bf6df08c575d2f8acbbe6f8d1eb03b079f71356346
Debian Security Advisory 1688 - Two SQL injection vulnerabilities have beein found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A similar issue affects the PostgreSQL database interface (CVE-2008-2667).
9dc7b0b9ca92f9e1f59c4c6542e5d806f993baedd0e6072fa1262af0d44fbd0d