Bug 11443 - quassel new security issue CVE-2013-4422
Summary: quassel new security issue CVE-2013-4422
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: i586 Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: mga3-32-ok mga3-64-ok
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-10-11 11:31 CEST by David Walser
Modified: 2013-10-17 22:06 CEST

See Also:
Source RPM: quassel-0.8.0-2.mga3.src.rpm
CVE:
Status comment:


Description David Walser 2013-10-11 11:31:39 CEST
A CVE was assigned for a security issue fixed in quassel 0.9.1:
http://openwall.com/lists/oss-security/2013/10/11/3

Updated packages uploaded for Mageia 3 and Cauldron.

Mageia 2 is not affected, as it has Qt 4.8.4.

Advisory:
========================

Updated quassel packages fix security vulnerability:

Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt 4.8.5,
due to a change in Qt's postgres driver, allowing other IRC users to trick the
Quassel core into executing SQL queries (CVE-2013-4422).

This update provides Quassel 0.9.1, which fixes this and several other issues.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4422
http://quassel-irc.org/node/119
http://quassel-irc.org/node/120
========================

Updated packages in core/updates_testing:
========================
quassel-0.9.1-1.mga3
quassel-common-0.9.1-1.mga3
quassel-client-0.9.1-1.mga3
quassel-core-0.9.1-1.mga3

from quassel-0.9.1-1.mga3.src.rpm

Comment 1 claire robinson 2013-10-14 08:57:07 CEST
Testing complete mga3 32 & 64

Validating. Advisory uploaded.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: (none) => mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 2 Thomas Backlund 2013-10-17 22:06:38 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0311.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

