Launchpad.net

CVE 2015-3427

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.

Related bugs and status

CVE-2015-3427 (Candidate) is related to these bugs:

Bug #1448911: Execute initDbSession() on DB reconnects

		In	Importance	Status
1448911	Execute initDbSession() on DB reconnects	quassel (Ubuntu)	Undecided	Fix Released
1448911	Execute initDbSession() on DB reconnects	quassel (Ubuntu Vivid)	Undecided	Fix Released
1448911	Execute initDbSession() on DB reconnects	quassel (Ubuntu Wily)	Undecided	Fix Released
1448911	Execute initDbSession() on DB reconnects	quassel (Ubuntu Utopic)	Undecided	Fix Released
1448911	Execute initDbSession() on DB reconnects	quassel (Ubuntu Trusty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.quassel-irc...
DEBIAN: DSA-3258
BID: 74339