diff -Nru quassel-0.7.2/debian/changelog quassel-0.7.2/debian/changelog
--- quassel-0.7.2/debian/changelog 2011-09-09 17:34:43.000000000 +0200
+++ quassel-0.7.2/debian/changelog 2011-09-26 18:41:26.000000000 +0200
@@ -1,3 +1,11 @@
+quassel (0.7.2-0ubuntu2.3) natty-security; urgency=low
+
+ * SECURITY UPDATE: data and log dir are world-readable (LP: #846922)
+ - Set permissions of /var/lib/quassel and /var/log/quassel to 750.
+ - Set permissions of /var/lib/quassel/quasselCert.pem to 640.
+
+ -- Felix Geyer Mon, 26 Sep 2011 18:41:25 +0200
+
 quassel (0.7.2-0ubuntu2.2) natty-security; urgency=low
 * SECURITY UPDATE: DoS in CTCP parser (LP: #845707)
diff -Nru quassel-0.7.2/debian/quassel-core.postinst quassel-0.7.2/debian/quassel-core.postinst
--- quassel-0.7.2/debian/quassel-core.postinst 2011-03-24 15:22:48.000000000 +0100
+++ quassel-0.7.2/debian/quassel-core.postinst 2011-09-20 13:41:40.000000000 +0200
@@ -28,10 +28,12 @@
 --home $QUASSEL_HOME --no-create-home $QUASSEL_USER )
 chown $QUASSEL_USER:$QUASSEL_GROUP $QUASSEL_HOME
+ chmod 750 $QUASSEL_HOME
 echo "Creating $QUASSEL_LOG directory ..."
 mkdir -p $QUASSEL_LOG
 chown $QUASSEL_USER:$QUASSEL_GROUP -R $QUASSEL_LOG
+ chmod 750 $QUASSEL_LOG
 fi
 # generate a SSL certificate for 18 months (support time) + 6 months (development time)
@@ -43,6 +45,7 @@
 openssl req -x509 -nodes -batch -days 680 -newkey rsa:1024 -keyout \
 $QUASSEL_HOME/quasselCert.pem -out $QUASSEL_HOME/quasselCert.pem
 chown $QUASSEL_USER:$QUASSEL_GROUP $QUASSEL_HOME/quasselCert.pem
+ chmod 640 $QUASSEL_HOME/quasselCert.pem
 fi
 #DEBHELPER#
diff -Nru quassel-0.7.2/debian/quassel-core.preinst quassel-0.7.2/debian/quassel-core.preinst
--- quassel-0.7.2/debian/quassel-core.preinst 2011-05-05 18:46:10.000000000 +0200
+++ quassel-0.7.2/debian/quassel-core.preinst 2011-09-20 13:44:40.000000000 +0200
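Review bot: In quassel-core.postinst (hunk at -28,10) the log directory is still created by `mkdir -p $QUASSEL_LOG` under the script's umask, and the added `chmod 750 $QUASSEL_LOG` narrows it only two commands later, so the directory briefly exists with the broader mode. Replacing the `mkdir -p` with `install -d -m 750 -o "$QUASSEL_USER" -g "$QUASSEL_GROUP" "$QUASSEL_LOG"` creates it with its final owner and mode in one step. The `chown -R` is recursive while the new chmod is not, so files already under the directory keep their own modes and rely on the directory's 750 for protection. The enclosing `if` opens outside the hunk; if it covers only first-time setup, as the `--no-create-home` context line suggests, existing installs depend on the preinst change for the same fix.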
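Review bot: In quassel-core.postinst (hunk at -43,6) quasselCert.pem is written by `openssl req` with whatever mode the script's umask gives and is tightened only by the added `chmod 640` two commands later; running the generation under `umask 077` (in a subshell, or restoring the umask afterwards) would create the file private from the start. Because `-keyout` and `-out` name the same path, the file holds the private key as well as the certificate, so it is worth confirming that group read is needed; if only $QUASSEL_USER reads it, `chmod 600 "$QUASSEL_HOME/quasselCert.pem"` is the tighter choice. The `if` guarding certificate generation starts outside the hunk. The `rsa:1024` on the context line is untouched by this change and is short by current guidance, but existing keys would not be regenerated by this script in any case.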
@@ -22,6 +22,15 @@
 chown quasselcore:quassel /var/lib/quassel/
 fi
 fi
+ if [ -d "/var/lib/quassel/" ]; then
+ chmod 750 /var/lib/quassel/
+ fi
+ if [ -d "/var/log/quassel/" ]; then
+ chmod 750 /var/log/quassel/
+ fi
+ if [ -f "/var/lib/quassel/quasselCert.pem" ]; then
+ chmod 640 /var/lib/quassel/quasselCert.pem
+ fi
 # dh_installdeb will replace this with shell code automatically
 # generated by other debhelper scripts.
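Review bot: As far as the hunk shows, the three added chmod blocks in quassel-core.preinst run on every invocation rather than once, so an administrator who has already tightened these paths (say to 700 or 600) would have them reset to 750/640 on each upgrade. Gating the block on the previous version, e.g. `if dpkg --compare-versions "$2" lt 0.7.2-0ubuntu2.3; then`, applies the fix once and leaves later local changes alone. Separately, `[ -f ... ]` and `chmod` both follow symlinks, and the context line shows /var/lib/quassel/ is owned by the unprivileged quasselcore account while this script runs as root; adding `[ ! -L /var/lib/quassel/quasselCert.pem ]` to the test keeps the chmod from being redirected to another file. The enclosing block starts outside the hunk, so the exact conditions under which these lines run cannot be confirmed from here.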