A security flaw was found in the way MySQL authentication
handler / module of Python WebDAV server performed user
authentication. A remote attacker could use this flaw
to conduct SQL injection attacks via specially-crafted
Red Hat would like to thank Nico Golde of Debian Security Team
for reporting this issue. Debian Security Team acknowledges
'Teeed' as the original issue reporter.
This issue affects the versions of the pywebdav package, as shipped
with Fedora release of 13 and 14.
This issue affects the versions of the pywebdav package, as present
within EPEL-5 and EPEL-6 repositories.
Please schedule an update.
Created pywebdav tracking bugs for this issue
Affects: fedora-all [bug 679338]
Affects: epel-5 [bug 679339]
Affects: epel-6 [bug 679340]
This was corrected via the following EPEL6 and Fedora builds:
EPEL 5 still requires this fix, however.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.