CVE-2009-2942

The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Date published : 2009-10-22

http://www.debian.org/security/2009/dsa-1910

http://www.mandriva.com/security/advisories?name=MDVSA-2009:279