Quassel: Multiple vulnerabilities — GLSA 201806-04

Multiple vulnerabilities have been found in Quassel, the worst of which could allow remote attackers to execute arbitrary code.

Affected Packages

net-irc/quassel on all architectures
Affected versions < 0.12.5
Unaffected versions >= 0.12.5

Background

Quassel is a Qt4/KDE4 IRC client suppporting a remote daemon for 24/7 connectivity.

Description

Multiple vulnerabilities have been discovered in Quassel. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could cause arbitrary code execution or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Quassel users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/quassel-0.12.5"
 

References

Release Date
June 14, 2018

Latest Revision
June 14, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries