-
quassel (1:0.12.4-2+deb9u1) stretch-security; urgency=high
* Backport upstream commit to implement a custom deserializer.
Fixes possible remote code execution. (Closes: #896914)
* Backport upstream commit to reject client logins before the core is
configured. Fixes a DoS vulnerability. (Closes: #896915)
* Backport upstream commit to fix OpenSSL detection with Qt 5.6 and GCC 5.
-- Felix Geyer <email address hidden> Sat, 28 Apr 2018 11:54:39 +0200
-
quassel (1:0.12.4-2) unstable; urgency=medium
* Fix FTBFS when building only architecture dependent packages.
-- Felix Geyer <email address hidden> Tue, 26 Apr 2016 19:10:51 +0200
-
quassel (1:0.12.3-1) unstable; urgency=medium
* New upstream release.
* Drop patches that have been applied upstream:
- 02_set-required-libs-and-flags.patch
- 04_fix_ftbfs_qt55.patch
- CVE-2015-8547.patch
-- Felix Geyer <email address hidden> Thu, 11 Feb 2016 21:38:13 +0100
-
quassel (1:0.12.2-3) unstable; urgency=high
* Fix CVE-2015-8547: op command denial of service issue (Closes: #807801)
- Add CVE-2015-8547.patch
-- Felix Geyer <email address hidden> Mon, 14 Dec 2015 21:25:33 +0100
-
quassel (1:0.12.2-2) unstable; urgency=medium
* Fix FTBFS with Qt 5.5. (Closes: #802868)
- Add 04_fix_ftbfs_qt55.patch
-- Felix Geyer <email address hidden> Thu, 29 Oct 2015 17:05:50 +0100
-
quassel (1:0.12.2-1) unstable; urgency=medium
[ Felix Geyer ]
* New upstream release. (Closes: #779726)
* Remove patches that have been applied upstream:
- CVE-2014-8483.patch
- CVE-2015-2778.patch
- CVE-2015-3427.patch
* Set maintainer to Debian KDE Extras Team.
* Add Vcs control fields pointing to the new git packaging repo.
(Closes: #732605)
* Drop explicit phonon depenencies, they are automatically added.
* Build quassel against Qt5 + KF5 libs instead of a Qt4 and a KDE4 variant.
(Closes: #784519)
- Remove quassel-data-kde4.
- Turn quassel-kde4 and quassel-client-kde4 into transitional packages.
* Enable parallel building.
* Pass --fail-missing to dh_install.
* Create the SSL certificate as user quasselcore to avoid a symlink race
condition. (Closes: #753737)
* Stop hardcoding the path to deluser / delgroup in postrm.
* Enable all hardening build flags.
* Build with -Wl,--as-needed.
* Fix detection of OpenSSL when building against Qt5.
- Add 02_set-required-libs-and-flags.patch from openSUSE.
* Work around missing icon theme fallback in KF5.
- Add 03_force_icon_theme.patch
- Add oxygen-icon-theme to quassel-data/Recommends.
[ Scott Kitterman ]
* Add systemd service file and associated changes for quasselcore.
-- Felix Geyer <email address hidden> Thu, 10 Sep 2015 22:44:32 +0200
-
quassel (1:0.10.0-2.4) unstable; urgency=high
* Non-maintainer upload.
* Fix CVE-2015-3427: SQL injection vulnerability in PostgreSQL backend.
(Closes: #783926)
- Add debian/patches/CVE-2015-3427.patch, cherry-picked from upstream.
- The original issue was CVE-2013-4422 which had an incomplete fix.
-- Felix Geyer <email address hidden> Tue, 05 May 2015 16:48:57 +0200
-
quassel (1:0.10.0-2.3) unstable; urgency=high
* Non-maintainer upload with maintainer's permission.
* Improve the message-splitting algorithm for PRIVMSG and CTCP. Original
patch from Michael Marley, backported by Steinar H. Gunderson. Fixes
CVE-2015-2778 and CVE-2015-2779. (Closes: #781024)
-- Olly Betts <email address hidden> Wed, 01 Apr 2015 11:41:28 +1300
