
CVE-2013-6404

Published: 09 December 2013

Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
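The class of flaw described above, a backlog lookup keyed on a client-supplied bufferid with no check against the authenticated user, shown next to a query bound to the session's user id. This is an added example, not Quassel's code or the upstream patch: the schema, rows and function names are constructed for illustration, and SQLite stands in for PostgreSQL.

```python
import sqlite3

# Constructed schema and rows for illustration; not Quassel's real tables.
SCHEMA = """
CREATE TABLE buffer (bufferid INTEGER PRIMARY KEY, userid INTEGER NOT NULL,
                     buffername TEXT NOT NULL);
CREATE TABLE backlog (messageid INTEGER PRIMARY KEY,
                      bufferid INTEGER NOT NULL REFERENCES buffer(bufferid),
                      message TEXT NOT NULL);
INSERT INTO buffer VALUES (1, 100, '#alice-private'), (2, 200, '#bob-private');
INSERT INTO backlog VALUES (1, 1, 'alice: secret'), (2, 2, 'bob: secret');
"""

# Lookup keyed only on the bufferid the client sent: the owner is never checked.
UNSCOPED = """SELECT m.message FROM backlog m
              JOIN buffer b ON b.bufferid = m.bufferid
              WHERE b.bufferid = :bufferid ORDER BY m.messageid"""

# Same lookup, additionally bound to the authenticated session's user id.
SCOPED = """SELECT m.message FROM backlog m
            JOIN buffer b ON b.bufferid = m.bufferid
            WHERE b.bufferid = :bufferid AND b.userid = :userid
            ORDER BY m.messageid"""


def make_db():
    """Build an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def read_backlog(conn, query, session_userid, bufferid):
    """Run a backlog query; userid comes from the session, bufferid from the client."""
    params = {"bufferid": bufferid, "userid": session_userid}
    return [row[0] for row in conn.execute(query, params)]


def cross_user_reads(conn, query):
    """Regression check: (user, buffer) pairs where a non-owner gets rows back."""
    owners = dict(conn.execute("SELECT bufferid, userid FROM buffer"))
    users = set(owners.values())
    return sorted((user, buf) for buf, owner in owners.items()
                  for user in users
                  if user != owner and read_backlog(conn, query, user, buf))
```

A check like `cross_user_reads` fits in a test suite for any query that takes an object id from the client: it should return an empty list for every such query.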

Priority

Low

Status

| Package | Release | Status |
|---|---|---|
| quassel | Upstream | Released (0.9.2-1) |
| quassel | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (0.9.2-0ubuntu1) |

Patches:
Upstream: https://github.com/quassel/quassel/commit/a1a24da
Binaries built from this source package are in Universe and so are supported by the community.