CVE 2013-4422
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
Related bugs and status
CVE-2013-4422 (Candidate) is related to these bugs:
Bug #1238337: TBD Security Bug - Fix Expected This Weekend
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1238337 | TBD Security Bug - Fix Expected This Weekend | quassel (Ubuntu) | High | Fix Released | ||
1238337 | TBD Security Bug - Fix Expected This Weekend | quassel (Ubuntu Lucid) | Low | Won't Fix | ||
1238337 | TBD Security Bug - Fix Expected This Weekend | quassel (Ubuntu Precise) | Medium | Won't Fix | ||
1238337 | TBD Security Bug - Fix Expected This Weekend | quassel (Ubuntu Quantal) | Low | Won't Fix | ||
1238337 | TBD Security Bug - Fix Expected This Weekend | quassel (Ubuntu Raring) | Low | Won't Fix | ||
1238337 | TBD Security Bug - Fix Expected This Weekend | quassel (Ubuntu Saucy) | High | Fix Released |
Bug #1448911: Execute initDbSession() on DB reconnects
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1448911 | Execute initDbSession() on DB reconnects | quassel (Ubuntu) | Undecided | Fix Released | ||
1448911 | Execute initDbSession() on DB reconnects | quassel (Ubuntu Vivid) | Undecided | Fix Released | ||
1448911 | Execute initDbSession() on DB reconnects | quassel (Ubuntu Wily) | Undecided | Fix Released | ||
1448911 | Execute initDbSession() on DB reconnects | quassel (Ubuntu Utopic) | Undecided | Fix Released | ||
1448911 | Execute initDbSession() on DB reconnects | quassel (Ubuntu Trusty) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.