Mageia Bugzilla – Bug 11808
quassel new security issue CVE-2013-6404
Last modified: 2013-12-02 16:46:37 CET
A CVE has been assigned for a security issue fixed in quassel 0.9.2:
Information about the 0.9.2 release:
Steps to Reproduce:
Freeze push requested for Cauldron. Checked into SVN for Mageia 3.
quassel-0.9.2-1.mga4 uploaded for Cauldron. Mageia 3 update building now.
Updated quassel packages fix security vulnerability:
Security vulnerability in Quassel before 0.9.2 through which a manipulated, but
properly authenticated client was able to retrieve the backlog of other users
on the same core in some cases (CVE-2013-6404).
Updated packages in core/updates_testing:
Advisory 11808.adv committed to svn. No poc provided, so just need to test that
the update works.
Testing complete on Mageia 3 i586 and x86_64. Validating the update.
Someone from the sysadmin team please push 11808.adv to updates.