Candidate: CVE-2013-4422
PublicDate: 2013-10-23 16:54:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4422
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552374
 http://quassel-irc.org/node/120
Description:
 SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, "This bug was introduced due to a bugfix in Qt 4.8.5 that disables slash escaping when binding queries: https://bugreports.qt-project.org/browse/QTBUG-30076"
 jdstrand> Ubuntu 13.04 and earlier do not have Qt 4.8.5
Bugs:
 https://bugs.launchpad.net/bugs/1238337
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_quassel:
 upstream: https://github.com/quassel/quassel/commit/27f6692cfc3bd2e873e01096e1197e1dca07b36a
upstream_quassel: needs-triage
lucid_quassel: ignored (reached end-of-life)
precise_quassel: not-affected
quantal_quassel: not-affected
raring_quassel: not-affected
devel_quassel: not-affected (0.9.1-0ubuntu1)