Fedora has issued an advisory on June 29: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/ Mageia 7 and Mageia 8 are also affected.
CC: (none) => geiger.david68210Whiteboard: (none) => MGA8TOO, MGA7TOOStatus comment: (none) => Patch available from Fedora
Removing Mageia 7 from whiteboard due to EOL: https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Whiteboard: MGA8TOO, MGA7TOO => MGA8TOO
Advisory: ======================== Updated quassel packages fix security vulnerability: Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system (CVE-2021-34825). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34825 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/ ======================== Updated packages in core/updates_testing: ======================== quassel-0.13.1-6.1.mga8 quassel-client-0.13.1-6.1.mga8 quassel-core-0.13.1-6.1.mga8 quassel-common-0.13.1-6.1.mga8 from quassel-0.13.1-6.1.mga8.src.rpm
Status comment: Patch available from Fedora => (none)Assignee: kde => qa-bugsVersion: Cauldron => 8Whiteboard: MGA8TOO => (none)
Advisory: ======================== Updated quassel packages fix security vulnerability: Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system (CVE-2021-34825). Also, the default IRC server has been changed from Freenode to Libera Chat, as upstream has moved their #quassel channel there. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34825 https://quassel-irc.org/node/136 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ZFWRN5P2WG23MWMVAEVV3YBHGFJHDSW/ ======================== Updated packages in core/updates_testing: ======================== quassel-0.13.1-6.2.mga8 quassel-client-0.13.1-6.2.mga8 quassel-core-0.13.1-6.2.mga8 quassel-common-0.13.1-6.2.mga8 from quassel-0.13.1-6.2.mga8.src.rpm
Strange, my test on the 6.1 text has disappeared. Anyway, logged in to #mag-qa and could post, jybz answered, tx. OK or me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating.
Keywords: (none) => advisory, validated_updateCVE: (none) => CVE-2021-34825CC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0382.html
Status: NEW => RESOLVEDResolution: (none) => FIXED