A CVE has been assigned for a security issue fixed in quassel 0.9.2:
http://www.openwall.com/lists/oss-security/2013/11/28/8

Information about the 0.9.2 release:
http://freecode.com/projects/quassel/releases/359566
http://quassel-irc.org/node/123
Freeze push requested for Cauldron. Checked into SVN for Mageia 3.
Whiteboard: (none) => MGA3TOO
quassel-0.9.2-1.mga4 uploaded for Cauldron. Mageia 3 update building now.
Version: Cauldron => 3
Whiteboard: MGA3TOO => (none)
Advisory:
========================

Updated quassel packages fix security vulnerability:

Security vulnerability in Quassel before 0.9.2 through which a manipulated, but properly authenticated client was able to retrieve the backlog of other users on the same core in some cases (CVE-2013-6404).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6404
http://freecode.com/projects/quassel/releases/359566
http://quassel-irc.org/node/123
http://www.openwall.com/lists/oss-security/2013/11/28/8
========================

Updated packages in core/updates_testing:
========================
quassel-0.9.2-1.mga3
quassel-common-0.9.2-1.mga3
quassel-client-0.9.2-1.mga3
quassel-core-0.9.2-1.mga3

from quassel-0.9.2-1.mga3.src.rpm
Assignee: bugsquad => qa-bugs
Advisory 11808.adv committed to svn. No poc provided, so just need to test that the update works.
CC: (none) => davidwhodgins
Whiteboard: (none) => advisory
Testing complete on Mageia 3 i586 and x86_64. Validating the update. Someone from the sysadmin team please push 11808.adv to updates.
Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0362.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/575368/