It was discovered that python-webdav, a WebDAV server implementation, contains several SQL injection vulnerabilities in the processing of user credentials. The oldstable distribution does not contain a python-webdav package.