oss-sec mailing list archives
CVE request: incomplete fix for CVE-2013-4422
From: Pierre Schweitzer <pierre () reactos org>
Date: Mon, 27 Apr 2015 11:16:06 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear all, It's been found that in Quassel, the CVE-2013-4422 was incorrectly fixed and that core was still vulnerable to SQL injection on reconnection. This has been fixed with commit: https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283 The incomplete bugfix had been released with Quassel 0.9.1: http://quassel-irc.org/node/120 With my best regards, - -- Pierre Schweitzer <pierre () reactos org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVPf5WAAoJEHVFVWw9WFsLidQP+QFVN33rAzw1OC7NRF1MW1yW uKo11iRnjt2F+WRl+0MlJR2ev5b3VirlDs19pfyD/JVJCI13FKnr8LtqKcLFvGQ/ 1XjQSKOPzoGttr2wvL84QkixjnsD4S6uVRwJvFyo8GoEbs5FTIGDLS8Jn8JqZaqG HRX9apwYiKwYzThPAMkbAS8v8VTmNhYiUfjmLBZzncJiRbJCGd3GSe6Znjsx7Zj5 /Ge85szRnDrl/QFoW1G0w+Kcs4eyTtNaWoZftoblUqSNwe2/Wn77DKePOyQzClgh efuzFZy/8X728AsywI8O0UlxcyBTe0xjXUoxPuflUVzX18ZVrFdkWTqUisSxtl9a tCsm6TsXH3rSc/+fkgYvGUNADnv8koc5ej0KWHF/8LAkKhE8HwaehDHp2zVdfCnu czDy62DKJc6AW8X1aqAccXA1CpSzH/s+fBA7SZeS4w8h2cpsLaOIGHmgxvHxApzo NApdhDiv4LjooDyiAVaptGmT4w6S4XieuCnAz58J7f/hHgx1CPPSrrzCYVAFeIAK Seeyl45LoqyTkxK0uKs5savmhHHSNiTSo4tbpYoZ6nPwOzJorhWCxB2ozxNNu8V4 jHpgh9gOCDV/ZcMIVSzQlhVZZdpZ9hVevYIPVk/ZQSZ2ZoY0cfxcT6y9KPudaqFY +fKtOm4enoBnQWsjvJUz =Xd5Y -----END PGP SIGNATURE-----
Current thread:
- CVE request: incomplete fix for CVE-2013-4422 Pierre Schweitzer (Apr 27)
- Re: CVE request: incomplete fix for CVE-2013-4422 cve-assign (Apr 27)