On Tue, May 12, 2015 at 09:40:49PM +0200, Alessandro Ghedini wrote:
> It was discovered that the fix for CVE-2013-4422 in quassel, a
> distributed IRC client, was incomplete. This could allow remote
> attackers to inject SQL queries after a database reconnection (e.g.
> when the backend PostgreSQL server is restarted).
>
> For the stable distribution (jessie), this problem has been fixed in
> version 1:0.10.0-2.3+deb8u1.
>
> For the testing distribution (stretch), this problem has been fixed in
> version 1:0.10.0-2.4.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1:0.10.0-2.4.

As far as I can tell from
https://security-tracker.debian.org/tracker/CVE-2013-4422 wheezy wasn't
affected by the original CVE since the version of QT there is < 4.8.5.
Is that correct? If so, what's the right way to mark this fact in the
security-tracker data?

Cheers,
Dominic.

