FS#71419 - [quassel-core] [Security] certificate verification bypass (CVE-2021-34825)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Friday, 02 July 2021, 13:20 GMT
Last edited by T.J. Townsend (blakkheim) - Saturday, 29 October 2022, 20:22 GMT
Opened by Jonas Witschel (diabonas) - Friday, 02 July 2021, 13:20 GMT
Last edited by T.J. Townsend (blakkheim) - Saturday, 29 October 2022, 20:22 GMT
|
Details
Summary
======= The package quassel-core is vulnerable to certificate verification bypass via CVE-2021-34825. Guidance ======== Applying the patch referenced below fixes the issue. References ========== https://security.archlinux.org/AVG-2079 https://bugs.quassel-irc.org/issues/1728 https://github.com/quassel/quassel/pull/581 https://github.com/quassel/quassel/commit/f20d380a36e11a7591dacbf0a62d7c11d997f9db |
This task depends upon
Closed by T.J. Townsend (blakkheim)
Saturday, 29 October 2022, 20:22 GMT
Reason for closing: Fixed
Additional comments about closing: This was eventually fixed in 0.14.0, which is what we have now.
Saturday, 29 October 2022, 20:22 GMT
Reason for closing: Fixed
Additional comments about closing: This was eventually fixed in 0.14.0, which is what we have now.