| Errata ID | 626 |
|---|---|
| Date | 2019-03-27 |
| Source package | sqlalchemy |
| Fixed in version | 0.9.8+dfsg-0.1+deb8u1 |
| Description | This update addresses the following issues: * SQL Injection when the order_by parameter can be controlled (CVE-2019-7164) * SQL Injection when the group_by parameter can be controlled (CVE-2019-7548) |
| Additional notes | |
| CVE ID | CVE-2019-7164 CVE-2019-7548 |
| UCS Bug number | #49074 |
