Ubuntu
ampache package

Ampache 3.5.1 uses depreciated mysql_escape_string() function

Bug #454892 reported by Charlie_Smotherman on 2009-10-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ampache (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: ampache

Ampache uses the depreciated mysql_escape_string() function in /modules/getid3/extension.cache.mysql.php. This makes ampache vulnerable to possible sql injections. Ampache should use mysql_real_escape_string() function instead

Related branches

lp:ubuntu/karmic/ampache

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-10-18:

This bug was fixed in the package ampache - 3.5.1-1ubuntu2

---------------
ampache (3.5.1-1ubuntu2) karmic; urgency=low

   * Changed /modules/getid3/extension.cache.mysql.php to use
     mysql_real_escape_string() instead of mysql_escape_string() which is now
     depreciated. This is needed to correct a potential sql_injection
     vulnerability. (LP: #454892)

-- Charlie Smotherman <email address hidden> Sun, 18 Oct 2009 08:50:25 -0500

Changed in ampache (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuampache package