CVE-2012-0805
Published: 5 June 2012
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
Notes
| Author | Note |
|---|---|
| jdstrand | Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
keystone Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Ignored
|
|
| precise |
Not vulnerable
(code-not-present)
|
|
| quantal |
Not vulnerable
(code-not-present)
|
|
| raring |
Not vulnerable
(code-not-present)
|
|
| saucy |
Not vulnerable
(code-not-present)
|
|
| upstream |
Needs triage
|
|
|
Patches: other: https://github.com/openstack/keystone/commit/45b36369a39e5e3cde6453312d73f85268dcd372%0A |
||
|
sqlalchemy Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Not vulnerable
(0.6.8-1)
|
|
| precise |
Not vulnerable
(0.7.4-1)
|
|
| quantal |
Not vulnerable
(0.7.4-1)
|
|
| raring |
Not vulnerable
(0.7.4-1)
|
|
| saucy |
Not vulnerable
(0.7.4-1)
|
|
| upstream |
Released
(0.6.7, 0.7.0b)
|
|
|
Patches: other: http://hg.sqlalchemy.org/sqlalchemy/rev/38935f1915a2 vendor: https://rhn.redhat.com/errata/RHSA-2012-0369.html vendor: http://www.debian.org/security/2012/dsa-2449 |
||