[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3258-1] quassel security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3258-1                   security@debian.org
http://www.debian.org/security/                        Alessandro Ghedini
May 12, 2015                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quassel
CVE ID         : CVE-2015-3427
Debian Bug     : 783926

It was discovered that the fix for CVE-2013-4422 in quassel, a
distributed IRC client, was incomplete. This could allow remote
attackers to inject SQL queries after a database reconnection (e.g.
when the backend PostgreSQL server is restarted).

For the stable distribution (jessie), this problem has been fixed in
version 1:0.10.0-2.3+deb8u1.

For the testing distribution (stretch), this problem has been fixed in
version 1:0.10.0-2.4.

For the unstable distribution (sid), this problem has been fixed in
version 1:0.10.0-2.4.

We recommend that you upgrade your quassel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVUldBAAoJEK+lG9bN5XPLS9wQAJe3WkLcWOYZkAaATpzGP8NX
cILGuG0lfyka7G2KJqLORd2rfF0GSVcu1FjtWaJ9v2/bUhjIziC1SHDuZ/1AndSi
0d15420cYMvbiE3eL2CqZzdv7Ac2VJ3LKsjHVzHMA5KJMV6wNtj3vPrpBqJHjpDj
Mg6BB5dRpdglohhb0x+3Ka/lff0awhRVJj6+iiCvtAOTqoMNqb6hykokqk7KY2s7
NMJ6Nsc08e+qKTl5yVVMSsY5nhPErvLzAS1SqSx5bLQYeHhDTRrblkHv99N9uewm
Q6OBPBS6Mn9RRFeC6Fqt8mEXw7ni3GFDbp30Ewxb4ynIbPFzz3q/vdIcrMiELz3x
Zh3Q6X70kmVNZFoPHLOqXydPHGK/N1dLlU5lOEE/XmVUkfSVB7VMINLR0e8vscoB
IiNWqPRg8yDW57IODXnijYtA7DTWnJa0LmEnbwTSteNHtx/u9rNyxLp4qElB6AxR
Q/cf6DaHkrXZ67/h2m4jVx6Ti8kYLEd5NRZSCcDQzZA8XkPcG8wNFJy4XjPjnwJz
jv/yXAChD/7LKI4pkIN+2SCHGFK78w9E3KOSM1E1Kav6nLlsDRs4u4M0d538h/Ra
oW/jr2zXdvVxArje4CQXQn4zcGFFbIkPjgrMn5YG+ViBlF+1UoKv4LDj2Ic4ftZw
P6ZxFH1JJMJIwpUcbjjV
=kvEl
-----END PGP SIGNATURE-----


Reply to: