Comment 15 for bug 1448911

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quassel - 0.10.1-0ubuntu1.2

---------------
quassel (0.10.1-0ubuntu1.2) utopic-security; urgency=medium

  * SECURITY UPDATE: stack consumption vulnerability in message splitting code
    - debian/patches/CVE-2015-2778.patch: original patch from Michael Marley,
      backported by Steinar H. Gunderson
    - CVE-2015-2778 and CVE-2015-2779
  * SECURITY UPDATE: SQL injection vulnerability in PostgreSQL backend
    - debian/patches/CVE-2015-3427.patch: upstream patch
    - CVE-2015-3427
    - original issue was CVE-2013-4422 which had an incomplete fix
    - LP: #1448911

 -- Felix Geyer <email address hidden> Fri, 01 May 2015 18:46:52 +0200