FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Quassel IRC -- SQL injection vulnerability

Affected packages
quassel < 0.11.1

Details

VuXML ID 49d9c28c-fbad-11e4-b0fb-00269ee29e57
Discovery 2015-04-23
Entry 2015-05-16

Quassel IRC developers report:

Restarting a PostgreSQL database while Quassel Core is running would not properly re-initialize the database session inside Quassel, bringing back an old security issue (CVE-2013-4422).

References

CVE Name CVE-2015-3427
URL https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283