Candidate: CVE-2013-6404
PublicDate: 2013-12-09 16:36:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6404
 http://seclists.org/oss-sec/2013/q4/357
Description:
 Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly
 verify the user ID when accessing user backlogs, which allows remote
 authenticated users to read other users' backlogs via the bufferid in (1)
 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3)
 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
Ubuntu-Description:
Notes:
 mdeslaur> in precise, server component is in universe
Bugs:
 https://bugs.launchpad.net/ubuntu/lucid/+source/quassel/+bug/1255362
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_quassel:
 upstream: https://github.com/quassel/quassel/commit/a1a24da
Tags_quassel: universe-binary
upstream_quassel: released (0.9.2-1)
lucid_quassel: ignored (reached end-of-life)
precise_quassel: released (0.8.0-0ubuntu1.1)
quantal_quassel: released (0.8.0-0ubuntu2.1)
raring_quassel: ignored (reached end-of-life)
saucy_quassel: released (0.9.1-0ubuntu1.1)
devel_quassel: not-affected (0.9.2-0ubuntu1)