Package: postfixadmin | Debian Sources

Package: postfixadmin / 2.3.5-2+deb7u1

Metadata

Package	Version	Patches format
postfixadmin	2.3.5-2+deb7u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
db_credentials \| (download)	config.inc.php \| 19 12 + 7 - 0 ! 1 file changed, 12 insertions(+), 7 deletions(-)	this patch sets the dbconfig placeholders in config.inc.php.
sql_injection_show_gen_status \| (download)	functions.inc.php \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	security: fix sql injection in show_gen_status() This vulnerability is only exploitable by authenticated users able to create new aliases. If the alias contains SQL code, the list-virtual.php overview triggers the vulnerability.

Patch

File delta

Description

db_credentials | (download)

config.inc.php | 19 12 + 7 - 0 !
1 file changed, 12 insertions(+), 7 deletions(-)

 this patch sets the dbconfig placeholders in config.inc.php.

sql_injection_show_gen_status | (download)

functions.inc.php | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 security: fix sql injection in show_gen_status()
 This vulnerability is only exploitable by authenticated users
 able to create new aliases. If the alias contains SQL code, the 
 list-virtual.php overview triggers the vulnerability.