CVE-2009-2942

Publication date 22 October 2009

Last updated 24 July 2024

The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-ocaml	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Ignored end of life
	9.04 jaunty	Fixed 1.0.4-4+lenny1build0.9.04.1
	8.10 intrepid	Fixed 1.0.4-4+lenny1build0.8.10.1
	8.04 LTS hardy	Fixed 1.0.4-4+lenny1build0.8.04.1
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
mysql-ocaml	Vendor: http://www.debian.org/security/2009/dsa-1910

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-2942