FS#71419 : [quassel-core] [Security] certificate verification bypass (CVE-2021-34825)

FS#71419 - [quassel-core] [Security] certificate verification bypass (CVE-2021-34825)

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Friday, 02 July 2021, 13:20 GMT
Last edited by T.J. Townsend (blakkheim) - Saturday, 29 October 2022, 20:22 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Jaroslav Lichtblau (Dragonlord) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package quassel-core is vulnerable to certificate verification bypass via CVE-2021-34825.

Guidance
========

Applying the patch referenced below fixes the issue.

References
==========

https://security.archlinux.org/AVG-2079
https://bugs.quassel-irc.org/issues/1728
https://github.com/quassel/quassel/pull/581
https://github.com/quassel/quassel/commit/f20d380a36e11a7591dacbf0a62d7c11d997f9db

This task depends upon

Closed by T.J. Townsend (blakkheim)
Saturday, 29 October 2022, 20:22 GMT
Reason for closing: Fixed
Additional comments about closing: This was eventually fixed in 0.14.0, which is what we have now.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#71419 - [quassel-core] [Security] certificate verification bypass (CVE-2021-34825)

Details

Loading...