Eckhart Wörner
2008-Nov-22 14:13 UTC
[Secure-testing-team] Bug#506550: quassel: IRC client command injection vulnerability
Package: quassel
Severity: grave
Tags: security
Justification: user security hole

Quassel version in Debian is vulnerable to IRC command injection as described in
http://www.frsirt.com/english/advisories/2008/3164

Updated packages are already available at http://quassel.irc.org/ , according to quassel developers a backport for the fix is also available.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (400, 'unstable'), (100, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages quassel depends on:
ii  libc6            2.7-16             GNU C Library: Shared libraries
ii  libfontconfig1   2.6.0-3            generic font configuration library
ii  libfreetype6     2.3.7-2            FreeType 2 font engine, shared lib
ii  libgcc1          1:4.3.2-1          GCC support library
ii  libice6          2:1.0.4-1          X11 Inter-Client Exchange library
ii  libpng12-0       1.2.27-2           PNG library - runtime
ii  libqt4-network   4.4.3-1            Qt 4 network module
ii  libqtcore4       4.4.3-1            Qt 4 core module
ii  libqtgui4        4.4.3-1            Qt 4 GUI module
ii  libsm6           2:1.0.3-2          X11 Session Management library
ii  libstdc++6       4.3.2-1            The GNU Standard C++ Library v3
ii  libx11-6         2:1.1.5-2          X11 client-side library
ii  libxext6         2:1.0.4-1          X11 miscellaneous extension librar
ii  libxi6           2:1.1.4-1          X11 Input extension library
ii  libxrandr2       2:1.2.3-1          X11 RandR extension library
ii  libxrender1      1:0.9.4-2          X Rendering Extension client libra
pn  quassel-core     <none>             (no description available)
ii  zlib1g           1:1.2.3.3.dfsg-12  compression library - runtime

quassel recommends no packages.

quassel suggests no packages.