Ubuntu: 2023-0020 High: SQL Injection Risk by Remote Access

The advisory DSA 229-1 contained a typo in one file which could cause
certain installations to fail suddenly.

For completeness, here is the original advisory text:

Jouko Pynnonen discovered a probem with IMP, a web based IMAP mail
program. Using carefully crafted URLs a remote attacker is able to
inject SQL code into SQL queries without proper user authentication.
Even though results of SQL queries aren't directly readable from the
screen, an attacker might. update his mail signature to contain wanted
query results and then view it on the preferences page of IMP.

The impact of SQL injection depends heavily on the underlying database
and its configuration. If PostgreSQL is used, it's possible to
execute multiple complete SQL queries separated by semicolons. The
database contains session id's so the attacker might hijack sessions
of people currently logged in and read their mail. In the worst case,
if the hordemgr user has the required privilege to use the COPY SQL
comm...