A CVE was assigned for a security issue fixed in quassel 0.9.1: http://openwall.com/lists/oss-security/2013/10/11/3 Updated packages uploaded for Mageia 3 and Cauldron. Mageia 2 is not affected, as it has Qt 4.8.4. Advisory: ======================== Updated quassel packages fix security vulnerability: Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt 4.8.5, due to a change in Qt's postgres driver, allowing other IRC users to trick the Quassel core into executing SQL queries (CVE-2013-4422). This update provides Quassel 0.9.1, which fixes this and several other issues. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4422 http://quassel-irc.org/node/119 http://quassel-irc.org/node/120 ======================== Updated packages in core/updates_testing: ======================== quassel-0.9.1-1.mga3 quassel-common-0.9.1-1.mga3 quassel-client-0.9.1-1.mga3 quassel-core-0.9.1-1.mga3 from quassel-0.9.1-1.mga3.src.rpm Reproducible: Steps to Reproduce:
Testing complete mga3 32 & 64 Validating. Advisory uploaded. Could sysadmin please push from 3 core/updates_testing to updates Thanks!
Keywords: (none) => validated_updateWhiteboard: (none) => mga3-32-ok mga3-64-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0311.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED