Advisories » MGASA-2015-0175

Updated quassel packages fix CVE-2015-3427

Publication date: 30 Apr 2015
Modification date: 30 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3427

Description

Updated quassel packages fix security vulnerability:

Quassel is vulnerable to SQL injection through its use of Qt's postgres driver.
If the PostgreSQL server is restarted or the connection is lost at any point,
other IRC users may be able to trick the Quassel core into executing SQL
queries upon reconnection (CVE-2015-3427).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15779
• http://openwall.com/lists/oss-security/2015/04/27/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3427

SRPMS

4/core

• quassel-0.9.2-1.3.mga4