{"id":"MGASA-2015-0175","summary":"Updated quassel packages fix CVE-2015-3427","details":"Updated quassel packages fix security vulnerability:\n\nQuassel is vulnerable to SQL injection through its use of Qt's postgres driver.\nIf the PostgreSQL server is restarted or the connection is lost at any point,\nother IRC users may be able to trick the Quassel core into executing SQL\nqueries upon reconnection (CVE-2015-3427).\n","modified":"2026-04-16T06:22:20.501655908Z","published":"2015-04-30T21:57:25Z","upstream":["CVE-2015-3427"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0175.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15779"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2015/04/27/3"}],"affected":[{"package":{"name":"quassel","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/quassel?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.2-1.3.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0175.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}