Package: src:dtc Version: 0.32.10-2 Severity: critical Tags: security upstream SQL injection in the package installer: $q = "SELECT DISTINCT db.Db,db.User FROM mysql.user,mysql.db WHERE user.dtcowner='$adm_login' AND db .User=user.User AND db.Db='".$_REQUEST["database_name"]."';"; Ansgar