** Description changed: Bug fixed in 0.12.2 is an old CVE that re-occurred: Previously, the initDbSession() function would only be run on the initial connect. Since the initDbSession() code in PostgreSQL is used to fix the CVE-2013-4422 SQL Injection bug, this means that Quassel was still vulnerable to that CVE if the PostgreSQL server is restarted or the connection is lost at any point while Quassel is running. This bug also causes the Qt5 psql timezone fix to stop working after a reconnect. The fix is to disable Qt's automatic reconnecting, check the connection status ourselves, and reconnect if necessary, executing the initDbSession() function afterward. https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283 + + TEST CASE: + 15:22 < mamarley> Yeah, restart PostgreSQL and do something that will cause backlog messages to be recorded. Then, restart the quasselclient and make sure those backlog messages have the correct timestamp.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1448911 Title: Execute initDbSession() on DB reconnects To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1448911/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
