lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20150512194057.47E121AB@bendel.debian.org>
Date: Tue, 12 May 2015 21:40:49 +0200
From: Alessandro Ghedini <ghedo@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3258-1] quassel security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3258-1                   security@...ian.org
http://www.debian.org/security/                        Alessandro Ghedini
May 12, 2015                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : quassel
CVE ID         : CVE-2015-3427
Debian Bug     : 783926

It was discovered that the fix for CVE-2013-4422 in quassel, a
distributed IRC client, was incomplete. This could allow remote
attackers to inject SQL queries after a database reconnection (e.g.
when the backend PostgreSQL server is restarted).

For the stable distribution (jessie), this problem has been fixed in
version 1:0.10.0-2.3+deb8u1.

For the testing distribution (stretch), this problem has been fixed in
version 1:0.10.0-2.4.

For the unstable distribution (sid), this problem has been fixed in
version 1:0.10.0-2.4.

We recommend that you upgrade your quassel packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVUldBAAoJEK+lG9bN5XPLS9wQAJe3WkLcWOYZkAaATpzGP8NX
cILGuG0lfyka7G2KJqLORd2rfF0GSVcu1FjtWaJ9v2/bUhjIziC1SHDuZ/1AndSi
0d15420cYMvbiE3eL2CqZzdv7Ac2VJ3LKsjHVzHMA5KJMV6wNtj3vPrpBqJHjpDj
Mg6BB5dRpdglohhb0x+3Ka/lff0awhRVJj6+iiCvtAOTqoMNqb6hykokqk7KY2s7
NMJ6Nsc08e+qKTl5yVVMSsY5nhPErvLzAS1SqSx5bLQYeHhDTRrblkHv99N9uewm
Q6OBPBS6Mn9RRFeC6Fqt8mEXw7ni3GFDbp30Ewxb4ynIbPFzz3q/vdIcrMiELz3x
Zh3Q6X70kmVNZFoPHLOqXydPHGK/N1dLlU5lOEE/XmVUkfSVB7VMINLR0e8vscoB
IiNWqPRg8yDW57IODXnijYtA7DTWnJa0LmEnbwTSteNHtx/u9rNyxLp4qElB6AxR
Q/cf6DaHkrXZ67/h2m4jVx6Ti8kYLEd5NRZSCcDQzZA8XkPcG8wNFJy4XjPjnwJz
jv/yXAChD/7LKI4pkIN+2SCHGFK78w9E3KOSM1E1Kav6nLlsDRs4u4M0d538h/Ra
oW/jr2zXdvVxArje4CQXQn4zcGFFbIkPjgrMn5YG+ViBlF+1UoKv4LDj2Ic4ftZw
P6ZxFH1JJMJIwpUcbjjV
=kvEl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ