Ubuntu
quassel package

TBD Security Bug - Fix Expected This Weekend

  1. Quantal (12.10)
  2. Bug #1238337
Bug #1238337 reported by Scott Kitterman
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
quassel (Ubuntu)
Fix Released
High
Scott Kitterman
Lucid
Won't Fix
Low
Unassigned
Precise
Won't Fix
Medium
Unassigned
Quantal
Won't Fix
Low
Unassigned
Raring
Won't Fix
Low
Unassigned
Saucy
Fix Released
High
Scott Kitterman

Bug Description

I was informed via IRC PM that there is a security fix for Quassel coming this weekend. That's all I know.

CVE References

Revision history for this message
Scott Kitterman (kitterman) wrote :

Not private now.

https://github.com/quassel/quassel/commit/27f6692cfc3bd2e873e01096e1197e1dca07b36a

This is only an issue for quassel + Qt 4.8.5, which we don't have yet, but expect for 14.04. This should be fixed in 12.04 and 13.10 to avoid data corruption in local backports and to make sure there aren't any issues on upgrade to 14.04. The fix is in saucy (to be 13.10) already.

information type: Private Security → Public Security
Changed in quassel (Ubuntu Saucy):
status: New → Fix Released
importance: Undecided → High
assignee: nobody → Scott Kitterman (kitterman)
Changed in quassel (Ubuntu Quantal):
importance: Undecided → Low
Changed in quassel (Ubuntu Raring):
importance: Undecided → Low
Changed in quassel (Ubuntu Quantal):
status: New → Won't Fix
Changed in quassel (Ubuntu Raring):
status: New → Won't Fix
Changed in quassel (Ubuntu Precise):
status: New → Triaged
importance: Undecided → Medium
Changed in quassel (Ubuntu Lucid):
status: New → Won't Fix
importance: Undecided → Low
Revision history for this message
Scott Kitterman (kitterman) wrote :

Will you process this through -security for 12.04 (it's in Main) or should I pursue SRU?

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Since 12.04 LTS has qt4-x11 4:4.8.1-0ubuntu4.4, it is not affected by the security issue, this should go through SRU if you want if fixed there. Thanks.

Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in quassel (Ubuntu Precise):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.