courier-authlib - SQL injection

Two SQL injection vulnerabilities have been found in courier-authlib,
the courier authentification library. The MySQL database interface used
insufficient escaping mechanisms when constructing SQL statements,
leading to SQL injection vulnerabilities if certain charsets are used
(CVE-2008-2380). A similar issue affects the PostgreSQL database
interface (CVE-2008-2667).

For the stable distribution (etch), these problems have been fixed in
version 0.58-4+etch2.

For the testing distribution (lenny) and the unstable distribution
(sid), these problems have been fixed in version 0.61.0-1+lenny1.

We recommend that you upgrade your courier-authlib packages.