Overview

File fix-CVE-2013-6404.diff of Package quassel.openSUSE_13.1_Update

Index: quassel-0.9.1/src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql
===================================================================
--- quassel-0.9.1.orig/src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql
+++ quassel-0.9.1/src/core/SQL/PostgreSQL/16/select_buffer_by_id.sql
@@ -1,3 +1,3 @@
 SELECT bufferid, networkid, buffertype, groupid, buffername
 FROM buffer
-WHERE bufferid = :bufferid
+WHERE userid = :userid AND bufferid = :bufferid
Index: quassel-0.9.1/src/core/SQL/PostgreSQL/16/update_network.sql
===================================================================
--- quassel-0.9.1.orig/src/core/SQL/PostgreSQL/16/update_network.sql
+++ quassel-0.9.1/src/core/SQL/PostgreSQL/16/update_network.sql
@@ -17,4 +17,4 @@ rejoinchannels = :rejoinchannels,
 usesasl = :usesasl,
 saslaccount = :saslaccount,
 saslpassword = :saslpassword
-WHERE networkid = :networkid
+WHERE userid = :userid AND networkid = :networkid
Index: quassel-0.9.1/src/core/SQL/SQLite/17/select_buffer_by_id.sql
===================================================================
--- quassel-0.9.1.orig/src/core/SQL/SQLite/17/select_buffer_by_id.sql
+++ quassel-0.9.1/src/core/SQL/SQLite/17/select_buffer_by_id.sql
@@ -1,3 +1,3 @@
 SELECT bufferid, networkid, buffertype, groupid, buffername
 FROM buffer
-WHERE bufferid = :bufferid
+WHERE bufferid = :bufferid AND userid = :userid
openSUSE Build Service is sponsored by
Places