Description
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
quassel | fixed | 0.9.1-1 | | package |
quassel | no-dsa | | wheezy | package |
quassel | not-affected | | squeeze | package |
Notes
Issue when used with Qt >= 4.8.5 and PostgreSQL >= 8.2
http://quassel-irc.org/node/120
http://bugs.quassel-irc.org/issues/1244
https://github.com/quassel/quassel/commit/aa1008be162cb27da938cce93ba533f54d228869
Caused by a change in Qt's postgres driver:
https://bugreports.qt-project.org/browse/QTBUG-30076
https://qt.gitorious.org/qt/qtbase/commit/e3c5351d06ce8a12f035cd0627356bc64d8c334a