A security issue has been detected and already fixed in quassel trunk and the 0.3 branch see [1,2]. Excerpt from #quassel irc channel: [16:44:49] <EgS> sph_: you can pass an arbitrary parameter to ctcp ping that the client has to return unmodified, the issue was, that you could pass a ctcp quoted new line as this param, quassel would decode that param, but not requote it, thus making the newline a proper irc command delimiter, so you could make quassel send out arbitrary irc commands [1] http://git.quassel-irc.org/?p=quassel.git;a=commit;h=b0a1b40f41bcba8bca231235c40c9c6d9ead2432 [2] http://git.quassel-irc.org/?p=quassel.git;a=commit;h=b0093f9b36d95424ab2480de0da22b00a3ebf533
Created attachment 169920 [details, diff] quassel-0.3.0.2-ctcp-quoting.patch Patch to fix the issue.
Created attachment 169921 [details, diff] quassel-0.3.0.2.diff tiff to ebuild which applies the above patch.
Added new release 0.3.0.3 instead