Red Hat Bugzilla – Bug 736868
CVE-2011-3354 quassel: invalid CTCP handling causes DoS
Last modified: 2012-10-23 15:28:38 EDT
CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process
certain CTCP requests correctly, allowing a remote attacker connected to the
same IRC network as the victim to cause a Denial of Service condition by
sending specially crafted CTCP requests.
This flaw is fixed in git and affects current Fedora releases.
Created quassel tracking bugs for this issue
Affects: fedora-all [bug 736869]
This was assigned the name CVE-2011-3354.
I am currently attempting to request maintainership of the Quassel package since it seems the current maintainer has been MIA (according to zodbot on IRC) for over 20 weeks. See bug 736874 for the request.
Additionally, here is a Koji scratch build of Quassel 0.7.3: http://koji.fedoraproject.org/koji/taskinfo?taskID=3343840
No modification needed to the .spec file beyond bumping the version, if a provenpackager wants to push the update.
Thanks for the heads-up. I used my provenpackager foo, and updates for all Fedoras are submitted to Bodhi.
This can be closed as the fix has been out for a long time.