Releases

frugalware-0.8 (Kalgan)
Mar 11, 2008

frugalware-0.7 (Sayshell)
Oct 13, 2007

frugalware-0.6 (Terminus)
Mar 22, 2007

frugalware-0.5 (Siwenna)
Sep 14, 2006

frugalware-0.4 (Wanda)
Mar 30, 2006

frugalware-0.3 (Trantor)
Oct 13, 2005

frugalware-0.2 (Aurora)
Apr 28, 2005

frugalware-0.1 (Genesis)
Nov 02, 2004

RSS

Donations

Donate to support our development efforts.

Recent updates
devel-core/
 pacman-tools
1.1.2-2solaria1-x86_64
devel-core/
 pacman-tools
1.1.2-2solaria1-i686
base/pacman-g2
3.7.2-2solaria1-x86_64
base/pacman-g2
3.7.2-2solaria1-i686
devel-extra/fwsetup
0.9.5-2solaria1-x86_64
devel-extra/fwsetup
0.9.5-2solaria1-i686
devel-extra/fwsetup
0.9.5-1-x86_64
devel-extra/fwsetup
0.9.5-1-i686
xapps/splashy
0.3.11-4-i686
xapps/splashy
0.3.11-4-i686

RSS
Languages
Change language | Change language | Change language | Change language | Change language | Change language | Change language
Information
Go Frugalware, Go
Valid XHTML 1.0!
Valid CSS!
Valid RSS!
Server information
Uptime:
10 day(s) 8 h 54 m 16 s
FSA485 - courier-authlib
Package:courier-authlib
Date:2008-07-02
Vulnerable version:0.60.2-1
Unaffected version:0.60.6-1kalgan1
Bug tracker entry:http://bugs.frugalware.org/task/3180
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2667
Description:A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. potentially bypass authentication. Successful exploitation requires that a MySQL database is used for authentication and that a Non-Latin character set is selected.
© 2003-2008. The Frugalware Developer Team