A CVE has been assigned for a security issue fixed upstream in Quassel:
http://openwall.com/lists/oss-security/2015/04/27/3
Patch checked into Mageia 4 and Cauldron SVN. Freeze push requested for Cauldron.
Whiteboard: (none) => MGA5TOO, MGA4TOO
Patched packages uploaded for Mageia 4 and Cauldron. This fix is due to an incorrect/incomplete fix for CVE-2013-4422 (Bug 11443).

Advisory:
========================

Updated quassel packages fix security vulnerability:

Quassel is vulnerable to SQL injection through its use of Qt's postgres driver. If the PostgreSQL server is restarted or the connection is lost at any point, other IRC users may be able to trick the Quassel core into executing SQL queries upon reconnection (CVE-2015-3427).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3427
http://openwall.com/lists/oss-security/2015/04/27/3
========================

Updated packages in core/updates_testing:
========================
quassel-0.9.2-1.3.mga4
quassel-common-0.9.2-1.3.mga4
quassel-client-0.9.2-1.3.mga4
quassel-core-0.9.2-1.3.mga4

from quassel-0.9.2-1.3.mga4.src.rpm
Whiteboard: MGA5TOO, MGA4TOO => (none)
Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Working fine Mageia 4 i586.
Whiteboard: (none) => MGA4-32-OK
Testing complete mga4 64. Validating. Advisory uploaded. Please push to 4 updates. Thanks
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK => advisory MGA4-32-OK mga4-64-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0175.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/642884/