Debian Linux Security Advisory 2449-1 - It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for Python, does not sanitize input passed to the limit/offset keywords of select(), or the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications that use sqlalchemy and do not implement their own filtering.
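The application-side filtering the advisory refers to, as an added example that is not code from the advisory or from sqlalchemy: it models the flaw with Python's standard-library sqlite3 module (limit/offset rendered into the SQL text) next to a version that validates and binds the values. The function names, the bounds and the sample rows are assumptions made for the illustration.

```python
import re
import sqlite3

MAX_LIMIT = 100          # assumed application page-size cap
MAX_OFFSET = 1_000_000   # assumed upper bound on offset
_DIGITS = re.compile(r"[0-9]{1,7}")  # ASCII digits only, no sign, no spaces

def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",), ("dave",), ("erin",)])
    return conn

def page_unfiltered(conn, limit, offset):
    """Model of the flaw: limit/offset are rendered into the SQL text as-is."""
    sql = f"SELECT name FROM users ORDER BY id LIMIT {limit} OFFSET {offset}"
    return [row[0] for row in conn.execute(sql)]

def to_bounded_int(value, name, upper):
    """Accept an int or an all-digit string within [0, upper]; reject the rest."""
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        raise ValueError(f"{name}: unsupported type")
    if not _DIGITS.fullmatch(str(value)):
        raise ValueError(f"{name}: not a plain non-negative integer")
    number = int(value)
    if number > upper:
        raise ValueError(f"{name}: {number} exceeds {upper}")
    return number

def page_filtered(conn, limit, offset):
    """Validate first, then pass the values as bound parameters."""
    params = (to_bounded_int(limit, "limit", MAX_LIMIT),
              to_bounded_int(offset, "offset", MAX_OFFSET))
    sql = "SELECT name FROM users ORDER BY id LIMIT ? OFFSET ?"
    return [row[0] for row in conn.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    hostile = "1 OFFSET 3 --"   # constructed request value, not a number
    print(page_unfiltered(db, hostile, 0))   # statement shape is changed
    print(page_filtered(db, "2", 1))
    try:
        page_filtered(db, hostile, 0)
    except ValueError as err:
        print("rejected:", err)
```

The range check matters as much as the type check: a well-formed but very large limit is still a way to pull far more rows than the page size intends.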