oss-sec mailing list archives

CVE request: incomplete fix for CVE-2013-4422


From: Pierre Schweitzer <pierre () reactos org>
Date: Mon, 27 Apr 2015 11:16:06 +0200

Dear all,

It's been found that in Quassel, the CVE-2013-4422 was incorrectly
fixed and that core was still vulnerable to SQL injection on reconnection.

This has been fixed with commit:
https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283

The incomplete bugfix had been released with Quassel 0.9.1:
http://quassel-irc.org/node/120

With my best regards,
- -- 
Pierre Schweitzer <pierre () reactos org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.

