Advisories ยป MGASA-2013-0311

Updated quassel packages fix CVE-2013-4422

Publication date: 17 Oct 2013
Modification date: 17 Oct 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4422

Description

Updated quassel packages fix security vulnerability:

Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt
4.8.5, due to a change in Qt's postgres driver, allowing other IRC users
to trick the Quassel core into executing SQL queries (CVE-2013-4422).

This update provides Quassel 0.9.1, which fixes this and several other
issues.
                

References

SRPMS

3/core