Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Apr 2015 11:16:06 +0200
From: Pierre Schweitzer <pierre@...ctos.org>
To: OSS Security List <oss-security@...ts.openwall.com>, 
 cve-assign@...re.org
Subject: CVE request: incomplete fix for CVE-2013-4422

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear all,

It's been found that in Quassel, the CVE-2013-4422 was incorrectly
fixed and that core was still vulnerable to SQL injection on reconnection.

This has been fixed with commit:
https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283

The incomplete bugfix had been released with Quassel 0.9.1:
http://quassel-irc.org/node/120

With my best regards,
- -- 
Pierre Schweitzer <pierre@...ctos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVPf5WAAoJEHVFVWw9WFsLidQP+QFVN33rAzw1OC7NRF1MW1yW
uKo11iRnjt2F+WRl+0MlJR2ev5b3VirlDs19pfyD/JVJCI13FKnr8LtqKcLFvGQ/
1XjQSKOPzoGttr2wvL84QkixjnsD4S6uVRwJvFyo8GoEbs5FTIGDLS8Jn8JqZaqG
HRX9apwYiKwYzThPAMkbAS8v8VTmNhYiUfjmLBZzncJiRbJCGd3GSe6Znjsx7Zj5
/Ge85szRnDrl/QFoW1G0w+Kcs4eyTtNaWoZftoblUqSNwe2/Wn77DKePOyQzClgh
efuzFZy/8X728AsywI8O0UlxcyBTe0xjXUoxPuflUVzX18ZVrFdkWTqUisSxtl9a
tCsm6TsXH3rSc/+fkgYvGUNADnv8koc5ej0KWHF/8LAkKhE8HwaehDHp2zVdfCnu
czDy62DKJc6AW8X1aqAccXA1CpSzH/s+fBA7SZeS4w8h2cpsLaOIGHmgxvHxApzo
NApdhDiv4LjooDyiAVaptGmT4w6S4XieuCnAz58J7f/hHgx1CPPSrrzCYVAFeIAK
Seeyl45LoqyTkxK0uKs5savmhHHSNiTSo4tbpYoZ6nPwOzJorhWCxB2ozxNNu8V4
jHpgh9gOCDV/ZcMIVSzQlhVZZdpZ9hVevYIPVk/ZQSZ2ZoY0cfxcT6y9KPudaqFY
+fKtOm4enoBnQWsjvJUz
=Xd5Y
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ