oss-sec mailing list archives
Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug
From: Raphael Geissert <geissert () debian org>
Date: Fri, 02 Jul 2010 11:45:20 -0500
Hi Jan, everyone, Jan Lieskovsky wrote:
Luigi Auriemma reported: [1] http://aluigi.altervista.org/adv/mumbleed-adv.txt a deficiency in the way Mumble server processed malformed SQL query data. A remote, authenticated user could use this flaw to cause denial of service (mumble server termination) via specially-crafted QueryUsers Qt SQLite SQL query.
He also reported another vulnerability in Qt4's SSL support: http://aluigi.altervista.org/adv/qtsslame-adv.txt (reported to the Debian maintainers in http://bugs.debian.org/587711) Could a CVE be assigned for this other issue too? Thanks. Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Jan Lieskovsky (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Luigi Auriemma (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Raphael Geissert (Jul 02)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)
- Re: Qt SSL endless loop Josh Bressers (Jul 16)
- Re: Qt SSL endless loop Vincent Danen (Jul 16)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 19)
- Re: Qt SSL endless loop Vincent Danen (Jul 19)
- Re: Qt SSL endless loop Steven M. Christey (Aug 20)
- Re: Qt SSL endless loop Vincent Danen (Aug 20)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)