Re: [SECURITY] [DSA 3258-1] quassel security update

To: Dominic Hargreaves <dom@earth.li>
Cc: debian-security@lists.debian.org, thomas.mueller@tmit.eu
Subject: Re: [SECURITY] [DSA 3258-1] quassel security update
From: Paul Wise <pabs@debian.org>
Date: Wed, 13 May 2015 19:43:47 +0800
Message-id: <[🔎] CAKTje6Er0FBS=jZeGJb9TAoNZy5tEC=L9jKdWz=So9tNtyrDDQ@mail.gmail.com>
In-reply-to: <[🔎] 20150513092606.GF5148@urchin.earth.li>
References: <20150512194057.47E121AB@bendel.debian.org> <[🔎] 20150513092606.GF5148@urchin.earth.li>

On Wed, May 13, 2015 at 5:26 PM, Dominic Hargreaves wrote:

> As far as I can tell from
>
> https://security-tracker.debian.org/tracker/CVE-2013-4422
>
> wheezy wasn't affected by the original CVE since the version of QT
> there is < 4.8.5. Is that correct? If so, what's the right way to mark this
> fact in the security-tracker data?

Add something like the third line here to data/CVE/list:

CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before
0.9.1, when Qt 4.8.5 ...)
  - quassel 0.9.1-1
  [wheezy] - quassel <not-affected> (Vulnerable code not present)

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 3258-1] quassel security update
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Re: [SECURITY] [DSA 3258-1] quassel security update
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: Re: [SECURITY] [DSA 3258-1] quassel security update
Next by Date: Re: [SECURITY] [DSA 3258-1] quassel security update
Previous by thread: Re: [SECURITY] [DSA 3258-1] quassel security update
Next by thread: Re: [SECURITY] [DSA 3258-1] quassel security update
Index(es):
- Date
- Thread