Re: [SECURITY] [DSA 3258-1] quassel security update
On Wed, May 13, 2015 at 5:26 PM, Dominic Hargreaves wrote:
> As far as I can tell from
>
> https://security-tracker.debian.org/tracker/CVE-2013-4422
>
> wheezy wasn't affected by the original CVE since the version of QT
> there is < 4.8.5. Is that correct? If so, what's the right way to mark this
> fact in the security-tracker data?
Add something like the third line here to data/CVE/list:
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before
0.9.1, when Qt 4.8.5 ...)
- quassel 0.9.1-1
[wheezy] - quassel <not-affected> (Vulnerable code not present)
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: