[Secure-testing-commits] r33957 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Apr 29 18:36:51 UTC 2015
Author: carnil
Date: 2015-04-29 18:36:51 +0000 (Wed, 29 Apr 2015)
New Revision: 33957
Modified:
data/CVE/list
Log:
Add more information for CVE-2013-4422/quassel
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-29 18:20:28 UTC (rev 33956)
+++ data/CVE/list 2015-04-29 18:36:51 UTC (rev 33957)
@@ -42280,7 +42280,13 @@
RESERVED
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
- quassel <unfixed>
- TODO: Needs to be re-evaluated, #552374 claims Postgres support is not enabled in Debian
+ NOTE: Issue when used with QT >= 4.8.5 and PostgreSQL >= 8.2
+ NOTE: http://quassel-irc.org/node/120
+ NOTE: http://bugs.quassel-irc.org/issues/1244
+ NOTE: https://github.com/quassel/quassel/commit/aa1008be162cb27da938cce93ba533f54d228869
+ NOTE: Caused by a change in QT's postgres driver:
+ NOTE: https://bugreports.qt-project.org/browse/QTBUG-30076
+ NOTE: https://qt.gitorious.org/qt/qtbase/commit/e3c5351d06ce8a12f035cd0627356bc64d8c334a
CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server before ...)
- dropbear 2012.55-1.4 (low; bug #726019)
[squeeze] - dropbear <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list