Advisories » MGASA-2013-0311

Updated quassel packages fix CVE-2013-4422

Publication date: 17 Oct 2013
Modification date: 17 Oct 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4422

Description

Updated quassel packages fix security vulnerability:

Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt
4.8.5, due to a change in Qt's postgres driver, allowing other IRC users
to trick the Quassel core into executing SQL queries (CVE-2013-4422).

This update provides Quassel 0.9.1, which fixes this and several other
issues.
                

References

• http://quassel-irc.org/node/119
• http://quassel-irc.org/node/120
• https://bugs.mageia.org/show_bug.cgi?id=11443
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4422

SRPMS

3/core

• quassel-0.9.1-1.mga3