Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3258-1] quassel security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3258-1] quassel security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Alessandro Ghedini <ghedo AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3258-1] quassel security update
  • Date: Tue, 12 May 2015 21:40:49 +0200
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <alessandro AT ghedini.me>
  • Priority: urgent
  • Resent-date: Tue, 12 May 2015 19:41:07 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <_1RJu5uVadK.A.DQ.TdlUVB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3258-1 security AT debian.org
http://www.debian.org/security/ Alessandro Ghedini
May 12, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : quassel
CVE ID : CVE-2015-3427
Debian Bug : 783926

It was discovered that the fix for CVE-2013-4422 in quassel, a
distributed IRC client, was incomplete. This could allow remote
attackers to inject SQL queries after a database reconnection (e.g.
when the backend PostgreSQL server is restarted).

For the stable distribution (jessie), this problem has been fixed in
version 1:0.10.0-2.3+deb8u1.

For the testing distribution (stretch), this problem has been fixed in
version 1:0.10.0-2.4.

For the unstable distribution (sid), this problem has been fixed in
version 1:0.10.0-2.4.

We recommend that you upgrade your quassel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVUldBAAoJEK+lG9bN5XPLS9wQAJe3WkLcWOYZkAaATpzGP8NX
cILGuG0lfyka7G2KJqLORd2rfF0GSVcu1FjtWaJ9v2/bUhjIziC1SHDuZ/1AndSi
0d15420cYMvbiE3eL2CqZzdv7Ac2VJ3LKsjHVzHMA5KJMV6wNtj3vPrpBqJHjpDj
Mg6BB5dRpdglohhb0x+3Ka/lff0awhRVJj6+iiCvtAOTqoMNqb6hykokqk7KY2s7
NMJ6Nsc08e+qKTl5yVVMSsY5nhPErvLzAS1SqSx5bLQYeHhDTRrblkHv99N9uewm
Q6OBPBS6Mn9RRFeC6Fqt8mEXw7ni3GFDbp30Ewxb4ynIbPFzz3q/vdIcrMiELz3x
Zh3Q6X70kmVNZFoPHLOqXydPHGK/N1dLlU5lOEE/XmVUkfSVB7VMINLR0e8vscoB
IiNWqPRg8yDW57IODXnijYtA7DTWnJa0LmEnbwTSteNHtx/u9rNyxLp4qElB6AxR
Q/cf6DaHkrXZ67/h2m4jVx6Ti8kYLEd5NRZSCcDQzZA8XkPcG8wNFJy4XjPjnwJz
jv/yXAChD/7LKI4pkIN+2SCHGFK78w9E3KOSM1E1Kav6nLlsDRs4u4M0d538h/Ra
oW/jr2zXdvVxArje4CQXQn4zcGFFbIkPjgrMn5YG+ViBlF+1UoKv4LDj2Ic4ftZw
P6ZxFH1JJMJIwpUcbjjV
=kvEl
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: 20150512194057.47E121AB AT bendel.debian.org">https://lists.debian.org/20150512194057.47E121AB AT bendel.debian.org



  • [IT-SecNots] [SECURITY] [DSA 3258-1] quassel security update, Alessandro Ghedini, 12.05.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang