It was discovered that the SQL plugin in cyrus-sasl2, a library
implementing the Simple Authentication and Security Layer, is prone to a
SQL injection attack. An authenticated remote attacker can take
advantage of this flaw to execute arbitrary SQL commands and for
For the oldstable distribution (buster), this problem has been fixed
in version 2.1.27+dfsg-1+deb10u2.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your cyrus-sasl2 packages.