On Wed, May 13, 2015 at 5:26 PM, Dominic Hargreaves wrote: > As far as I can tell from > > https://security-tracker.debian.org/tracker/CVE-2013-4422 > > wheezy wasn't affected by the original CVE since the version of QT > there is < 4.8.5. Is that correct? If so, what's the right way to mark this > fact in the security-tracker data?
Add something like the third line here to data/CVE/list: CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...) - quassel 0.9.1-1 [wheezy] - quassel <not-affected> (Vulnerable code not present) -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/CAKTje6Er0FBS=jZeGJb9TAoNZy5tEC=L9jKdWz=so9tntyr...@mail.gmail.com
