Mandrake Security Advisory MDVSA-2009:279 (ocaml-mysql)

Summary
The remote host is missing an update to ocaml-mysql announced via advisory MDVSA-2009:279.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:279 http://www.debian.org/security/2009/dsa-1910
Insight
A vulnerability has been found and corrected in ocaml-mysql: It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility (CVE-2009-2942). This update fixes this vulnerability. Affected: Enterprise Server 5.0