CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=506550
quassel-irc.org/node/89
secunia.com/advisories/32470
secunia.com/advisories/32692
wouter.coekaerts.be/site/security/quassel-ctcp
www.securityfocus.com/archive/1/497882/30/0/threaded
www.securityfocus.com/archive/1/497884
www.securityfocus.com/bid/31973
www.vupen.com/english/advisories/2008/3164
exchange.xforce.ibmcloud.com/vulnerabilities/46195
www.redhat.com/archives/fedora-package-announce/2008-November/msg00354.html