[Secure-testing-team] Bug#506550: quassel: IRC client command injection vulnerability
Eckhart Wörner
kde at ewsoftware.de
Sat Nov 22 14:13:43 UTC 2008
Package: quassel
Severity: grave
Tags: security
Justification: user security hole
The Quassel version in Debian is vulnerable to IRC command injection as described in http://www.frsirt.com/english/advisories/2008/3164
Updated packages are already available at http://quassel.irc.org/; according to the quassel developers, a backport for the fix is also available.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (400, 'unstable'), (100, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages quassel depends on:
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libfontconfig1 2.6.0-3 generic font configuration library
ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib
ii libgcc1 1:4.3.2-1 GCC support library
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libpng12-0 1.2.27-2 PNG library - runtime
ii libqt4-network 4.4.3-1 Qt 4 network module
ii libqtcore4 4.4.3-1 Qt 4 core module
ii libqtgui4 4.4.3-1 Qt 4 GUI module
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxi6 2:1.1.4-1 X11 Input extension library
ii libxrandr2 2:1.2.3-1 X11 RandR extension library
ii libxrender1 1:0.9.4-2 X Rendering Extension client libra
pn quassel-core <none> (no description available)
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
quassel recommends no packages.
quassel suggests no packages.