A CVE has been assigned for a security issue fixed upstream in Quassel:
Patch checked into Mageia 4 and Cauldron SVN. Freeze push requested for Cauldron.
Steps to Reproduce:
Patched packages uploaded for Mageia 4 and Cauldron.
This fix is due to an incorrect/incomplete fix for CVE-2013-4422 (Bug 11443).
Updated quassel packages fix security vulnerability:
Quassel is vulnerable to SQL injection through its use of Qt's postgres driver.
If the PostgreSQL server is restarted or the connection is lost at any point,
other IRC users may be able to trick the Quassel core into executing SQL
queries upon reconnection (CVE-2015-3427).
Updated packages in core/updates_testing:
MGA5TOO, MGA4TOO =>
Working fine Mageia 4 i586.
Testing complete mga4 64
Validating. Advisory uploaded.
Please push to 4 updates
advisory MGA4-32-OK mga4-64-okCC:
An update for this issue has been pushed to Mageia Updates repository.