quassel (1:0.10.0-2.3+deb8u4) jessie-security; urgency=high * Backport upstream commit to implement a custom deserializer. Fixes possible remote code execution. (Closes: #896914) * Backport upstream commit to reject client logins before the core is configured. Fixes a DoS vulnerability. (Closes: #896915) -- Felix Geyer Sat, 28 Apr 2018 11:54:10 +0200 quassel (1:0.10.0-2.3+deb8u3) jessie; urgency=medium * Non-maintainer upload. * Fix CVE-2016-4414: remote DoS in quassel core with invalid handshake data. (Closes: #826402) - Add debian/patches/CVE-2016-4414.patch, cherry-picked from upstream. -- Pierre Schweitzer Sun, 05 Jun 2016 12:41:35 +0200 quassel (1:0.10.0-2.3+deb8u2) jessie; urgency=high * Non-maintainer upload. * Fix CVE-2015-8547: remote DoS in quassel core, using /op * command. (Closes: #807801) - Add debian/patches/CVE-2015-8547.patch, cherry-picked from upstream. -- Pierre Schweitzer Sun, 13 Dec 2015 11:04:05 +0100 quassel (1:0.10.0-2.3+deb8u1) jessie-security; urgency=high * Fix CVE-2015-3427: SQL injection vulnerability in PostgreSQL backend. (Closes: #783926) - Add debian/patches/CVE-2015-3427.patch, cherry-picked from upstream. - The original issue was CVE-2013-4422 which had an incomplete fix. -- Felix Geyer Sun, 10 May 2015 16:41:30 +0200 quassel (1:0.10.0-2.3) unstable; urgency=high * Non-maintainer upload with maintainer's permission. * Improve the message-splitting algorithm for PRIVMSG and CTCP. Original patch from Michael Marley, backported by Steinar H. Gunderson. Fixes CVE-2015-2778 and CVE-2015-2779. (Closes: #781024) -- Olly Betts Wed, 01 Apr 2015 11:41:28 +1300 quassel (1:0.10.0-2.2) unstable; urgency=high * Non-maintainer upload. * Increment Debian revision and epoch to re-upload 0.10.0-2.1 to unstable containing the fix for #766962 / CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption. -- Salvatore Bonaccorso Sat, 08 Nov 2014 14:14:56 +0100 quassel (0.10.0-2.1) unstable; urgency=high * Non-maintainer upload. * Add CVE-2014-8483.patch patch. CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption. (Closes: #766962) -- Salvatore Bonaccorso Sun, 02 Nov 2014 19:10:58 +0100 quassel (0.10.0-2) unstable; urgency=low * Fixing security issue where quassel core certificate is readable by all local users - Change permissions of /var/lib/quassel/quasselCert.pem - Add debian/NEWS to notify the admin to change the certificate -- Thomas Mueller Fri, 04 Jul 2014 17:15:10 +0200 quassel (0.10.0-1) unstable; urgency=low * New upstream release * Debian policy to 3.9.5 * Don't create 1024 bit key (Closes: #732728) * Start quaselcore after databases (Closes: #701943) -- Thomas Mueller Fri, 09 May 2014 17:42:19 +0200 quassel (0.9.2-1) unstable; urgency=low * New upstream release * Increase debhelper compat to 9 - supporting hardening now -- Thomas Mueller Tue, 26 Nov 2013 22:53:55 +0100 quassel (0.9.1-1) unstable; urgency=low * New upstream release -- Thomas Mueller Tue, 05 Nov 2013 17:39:26 +0100 quassel (0.8.0-1) unstable; urgency=low * New upstream release * Debian Policy to 3.9.3 -- Thomas Mueller Wed, 25 Apr 2012 00:02:51 +0200 quassel (0.7.3-2.1) unstable; urgency=low * Non-maintainer upload. * Fix "fails to upgrade from squeeze": test for existence of to-be-moved file in quassel-core.preinst; and use -p for mkdir to avoid errors when the directory exists, like after failed upgrades. (Closes: #655844) -- gregor herrmann Tue, 10 Apr 2012 19:02:42 +0200 quassel (0.7.3-2) unstable; urgency=medium * Change Build-Depends of the package from libpng12-dev to libpng-dev. (Closes: #662486) -- Thomas Mueller Mon, 05 Mar 2012 09:27:50 +0100 quassel (0.7.3-1) unstable; urgency=medium * New upstream release * Translation update * Fixing security issue: ctcp DoS (Closes: #640960) -- Thomas Mueller Fri, 09 Sep 2011 19:00:55 +0000 quassel (0.7.2-2) unstable; urgency=low * DATADIR set to new location /var/lib/ (Closes: #629507) -- Thomas Mueller Tue, 07 Jun 2011 19:01:51 +0000 quassel (0.7.2-1) unstable; urgency=low * New upstream release (Closes: #629393) * Clients no longer recommend quassel-core (Closes: #622904) * Debian Policy to 3.9.2 * quassel-core.preinst added - taken from Ubuntu (Closes: #612042) Thanks to Scott Kitterman -- Thomas Mueller Mon, 06 Jun 2011 20:40:24 +0200 quassel (0.7.1-4) unstable; urgency=low * 0.7.1-3 lost the kfreebsd patch of 0.7.1-2 -- Thomas Mueller Thu, 14 Apr 2011 20:08:27 +0200 quassel (0.7.1-3) unstable; urgency=low * Build-dependency qt4-dev-tools added (Closes: #613599) * Build-dependency libqtwebkit-dev added (Closes: #622273) * Build-dependency libdbusmenu-qt-dev added * Build-dependency libindicate-qt-dev added -- Thomas Mueller Tue, 12 Apr 2011 22:40:46 +0200 quassel (0.7.1-2) unstable; urgency=low * Patch added to fix kfreebsd builds (Closes: #620542) -- Thomas Mueller Mon, 11 Apr 2011 21:44:34 +0200 quassel (0.7.1-1.1) unstable; urgency=low * Non-maintainer upload with maintainer permission. * Do not hardcode kdelibs5 and kdebase-runtime in quassel-client-kde4 and quassel-kde4 Depends (Closes: #616026). kdelibs5 has been deprecated and will be removed soon while kdebase-runtime is added via shlibs as needed. -- Modestas Vainius Wed, 30 Mar 2011 18:59:12 +0300 quassel (0.7.1-1) unstable; urgency=low * New upstream release -- Thomas Mueller Tue, 21 Sep 2010 19:59:07 +0200 quassel (0.7.0-1) unstable; urgency=low * New upstream release -- Thomas Mueller Sat, 18 Sep 2010 19:19:40 +0200 quassel (0.6.1-2) unstable; urgency=low * add dependency to gawk (closes: #592455) * remove manageusers.py (closes: #590644) * man pages updated (closes: #590643) * dump Debian Policy to 3.9.1 -- Thomas Mueller Sun, 15 Aug 2010 23:11:16 +0200 quassel (0.6.1-1) unstable; urgency=low * New upstream release * Switch to dpkg-source 3.0 (quilt) format * desktop notification have been reimplemented (closes: #562974) -- Thomas Mueller Wed, 21 Apr 2010 20:11:17 +0200 quassel (0.5.2-3) unstable; urgency=low * missing name changes quassel-core - in init and default -- Thomas Mueller Thu, 18 Feb 2010 17:12:06 +0100 quassel (0.5.2-2) unstable; urgency=low * Re-include init script into (closes: #569942) * Fixing lintian error init.d-script-missing-dependency-on-remote_fs -- Thomas Mueller Thu, 18 Feb 2010 17:11:18 +0100 quassel (0.5.2-1) unstable; urgency=low * New upstream release (closes: #556309) * Fixing minor lintian warnings: - copyright-with-old-dh-make-debian-copyright - duplicate-long-description - quilt-patch-missing-description * package descriptions have been reviewed by debian-i10n-english * fixing dependencies - thanks to puiparts: - quassel-client: phonon - quassel: phonon - quassel-kde4: kdebase-runtime, kdelibs5 - quassel-client-kde4: kdebase-runtime, kdelibs5 -- Thomas Mueller Mon, 01 Feb 2010 23:41:05 +0100 quassel (0.5.1-3) unstable; urgency=low * Conflict dependency added between quassel-data and quassel-data- kde4(closes: #566097) -- Thomas Mueller Thu, 21 Jan 2010 20:36:09 +0100 quassel (0.5.1-2) unstable; urgency=low * KDE4 support enabled (closes: #561795) - package quassel-kde4 (monolithic client with KDE) has been added - package quassel-client-kde4 (client with KDE) has been added - package quassel-data-kde4 (data files) has been added * switch from cdbs to debhelper - basic idea taken from the ubuntu package thanks guys * quilt is used as patch system now -- Thomas Mueller Thu, 11 Jan 2010 12:52:45 +0100 quassel (0.5.1-1) unstable; urgency=low * New upstream release * dbus-x11 dependency moved to quasselclient & quassel (closes: #552061) * remove deprecated usage of argument -datadir (closes: #552373) -- Thomas Mueller Sun, 22 Nov 2009 23:44:04 +0100 quassel (0.5.0-1) unstable; urgency=low * New upstream release -- Thomas Mueller Thu, 22 Oct 2009 22:19:05 +0200 quassel (0.5.0~rc2-1) experimental; urgency=low * New upstream release (rc2) * Make puiparts happy (closes: #538182) * manageusers.py added (closes: #549296) -- Thomas Mueller Mon, 05 Oct 2009 23:13:06 +0200 quassel (0.4.2-1) unstable; urgency=low * New upstream release * watch file looks to the *.tar.bz2 directly no longer scanning the html page -- Thomas Mueller Thu, 28 May 2009 21:42:24 +0200 quassel (0.4.1-1) unstable; urgency=low * New upstream release -- Thomas Mueller Sun, 29 Mar 2009 12:51:42 +0200 quassel (0.4.0-1) unstable; urgency=low * New upstream release * repackaging no longer necessary, because svgz of oxygen icons have been added to the source tarball: - debian/repack.sh removed - debian/README.source removed - debian/watch adjusted - debian/rules: get-orig-source removed * debian/copyright updated: license for oxygen icons added * debian/quassel-core.logrotate added * debian/patcher/01_default_network_channel.patch added -- Thomas Mueller Wed, 18 Feb 2009 22:14:23 +0100 quassel (0.3.1+dfsg-3) unstable; urgency=low * fixing bug on upgrade (closes: #513677) * 'set -e' removed from ini script * cleanup in quassel-core.postrm -- Thomas Mueller Wed, 11 Feb 2009 21:14:33 +0100 quassel (0.3.1+dfsg-2) unstable; urgency=low * init script added (closes: #513677) * user and group for the daemon added (closes: #513677) * ssl certificate has been added (closes: #511169) All scripts are based on the ubuntu package thanks to Harald Sitter * Version in manpages have been adjusted. -- Thomas Mueller Mon, 10 Feb 2009 23:13:25 +0100 quassel (0.3.1+dfsg-1) unstable; urgency=low * New upstream release * upstream update to 0.3.0.3 (closes: #498283) * upstream update to 0.3.0.1 (closes: #498283) * watch file added - thx to Per Hausen * Downgrade quasselclient's dependency on quasselcore (closes: #503126) The packages quassel-client and quassel-core can be installed separately now. The package quassel is a dummy package, which installs client and core. * Additional package for the monolithic client. * Repackaging orig.tar.gz to remove the oxygen icons. They are no longer needed because we go for the locally installed oxygen icons of the package kde-icons-oxygen. * License for oxygen removed, because it is no longer part of the package. * debian/repack.sh added + bz2 handling * debian/README.source * debian/watch changed to handle repackaging * debian/patches removed - no need to patch anything at the moment * debian/control: dependeny libqt4-sql-sqlite added -- Thomas Mueller Tue, 08 Jan 2009 01:44:23 +0100 quassel (0.2~rc1-1) unstable; urgency=low * download link in copyright changed * manpage warnings removed * update to debian policy 3.8 * upstream update to 0.2.0-rc1 -- Thomas Mueller Mon, 07 Jul 2008 20:56:53 +0100 quassel (0.2~beta1-1) unstable; urgency=low * svg files for oxygen icons added src/icons/oxygen/scalable * upstream update to 0.2.0-beta1 -- Thomas Mueller Mon, 02 Jun 2008 20:27:28 +0100 quassel (0.2~alpha5-1) unstable; urgency=low * svgz files for oxygen icons added src/icons/oxygen/scalable * upstream update to 0.2.0-alpha5 -- Thomas Mueller Mon, 21 Apr 2008 22:20:18 +0100 quassel (0.2~alpha2-3) unstable; urgency=low * debian/copyright updated: license for oxygen icons added -- Thomas Mueller Mon, 24 Mar 2008 20:01:18 +0100 quassel (0.2~alpha2-2) unstable; urgency=low * debian/copyright updated -- Thomas Mueller Wed, 12 Mar 2008 21:48:12 +0100 quassel (0.2~alpha2-1) unstable; urgency=low * Debianized -- Thomas Mueller Sun, 02 Mar 2008 11:40:43 +0100 quassel (0.2~alpha2-0ubuntu1~hardy1~ppa1) hardy; urgency=low * Hardy PPA Build -- Harald Sitter Sat, 01 Mar 2008 21:05:03 +0100 quassel (0.2~alpha2-0ubuntu1) ibex; urgency=low * Initial release (LP: #195861) -- Harald Sitter Sat, 23 Feb 2008 14:22:06 +0100