Candidate: CVE-2015-3427
PublicDate: 2015-05-14 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3427
 http://quassel-irc.org/node/120
Description:
 Quassel before 0.12.2 does not properly re-initialize the database session
 when the PostgreSQL database is restarted, which allows remote attackers to
 conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this
 vulnerability exists because of an incomplete fix for CVE-2013-4422.
Ubuntu-Description:
Notes:
 tyhicks> Requires Quassel IRC before 0.9.1 and QT 4.8.5 or newer
Bugs:
 https://launchpad.net/bugs/1448911
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_quassel:
 upstream: https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
upstream_quassel: needed
lucid_quassel: ignored (reached end-of-life)
precise_quassel: not-affected (QT 4.8.1)
trusty_quassel: released (0.10.0-0ubuntu2.2)
trusty/esm_quassel: DNE (trusty was released [0.10.0-0ubuntu2.2])
utopic_quassel: released (0.10.1-0ubuntu1.2)
vivid_quassel: released (0.12.2-0ubuntu0.1)
devel_quassel: not-affected (0.12.1-0ubuntu1)