Cédric Krier has found that python-sql does not escape non-Expression for unary operators (like And and Or), which makes any system exposing those vulnerable to an SQL injection attack.
{ "ubuntu_priority": "medium" }