Mandriva Linux Security Advisory 2009-279 - It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility. This update fixes this vulnerability.
2b62a55e24b7aa26c401cd16cb4872b8b758d488485ade3ea6a720c8f6d15442
Debian Linux Security Advisory 1910-1 - It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.
c5ca7235cabdedc4c8be457ce3d37c7fdff2134e1f51a6791415879047c3e383