Debian Linux Security Advisory 1910-1 – It was discovered that mysql-ocaml, OCaml bindings for MySql, was missing a function to call mysql_real_escape_string(). This is needed, because mysql_real_escape_string() honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are used. The added function is called real_escape() and takes the established database connection as a first argument. The old escape_string() was kept for backwards compatibility.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82025/dsa-1910-1.txt
Source: https://packetstormsecurity.com/files/82025/Debian-Linux-Security-Advisory-1910-1.html