Added security fix for CVE-2015-8547

quassel.spec

@@ -1,12 +1,15 @@
 Name:    quassel
 Summary: A modern distributed IRC system
 Version: 0.11.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 License: GPLv2 or GPLv3
 Group:   Applications/Internet
 URL:     http://quassel-irc.org/
 Source0: http://quassel-irc.org/pub/quassel-%{version}.tar.bz2
+
+# Backported fix for CVE-2015-8547
+Patch0:  quassel_0.11.1_CVE-2015-8547.diff
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 Buildrequires: cmake
@@ -60,6 +63,7 @@ Quassel client
 
 %prep
 %setup -q -n %{name}-%{version}
+%patch0 -p1
 
 %build
 mkdir build
@@ -117,6 +121,9 @@ gtk-update-icon-cache %{_kde4_iconsdir}/hicolor &> /dev/null || :
 
 
 %changelog
+* Tue Dec 15 2015 Christian Dersch <lupinix@mailbox.org> - 0.11.1-2
+- Added security fix for CVE-2015-8547
+
 * Sat Nov 07 2015 Christian Dersch <lupinix@fedoraproject.org> - 0.11.1-1
 - upgraded to 0.11.1
 - new upstream release obsoletes quassel-0.11.0-CTCP-query-crash.patch

quassel_0.11.1_CVE-2015-8547.diff

@@ -0,0 +1,12 @@
+diff -Naur quassel-0.11.1/src/core/coreuserinputhandler.cpp quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp
+--- quassel-0.11.1/src/core/coreuserinputhandler.cpp	2015-04-23 23:00:06.000000000 +0200
++++ quassel-0.11.1.patched/src/core/coreuserinputhandler.cpp	2015-12-15 20:21:56.170741238 +0100
+@@ -232,7 +232,7 @@
+     if (!isNumber || maxModes == 0) maxModes = 1;
+ 
+     QStringList nickList;
+-    if (nicks == "*") { // All users in channel
++    if (nicks == "*" && bufferInfo.type() == BufferInfo::ChannelBuffer) { // All users in channel
+         const QList<IrcUser*> users = network()->ircChannel(bufferInfo.bufferName())->ircUsers();
+         foreach(IrcUser *user, users) {
+             if ((addOrRemove == '+' && !network()->ircChannel(bufferInfo.bufferName())->userModes(user).contains(mode))