oss-sec mailing list archives
Vulnerability fixed in Quassel?
From: Pierre Schweitzer <pierre () reactos org>
Date: Fri, 24 Oct 2014 12:23:14 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear all, I'm looking for opinions regarding the commit 8b5ecd2: https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138 It fixes the issue 1314: http://bugs.quassel-irc.org/issues/1314 It appears to me that this is a vulnerability in the Quassel-core which allows clients to remotely crash the core and thus cause a denial of service using ill-formed messages. Would it deserve a CVE and/or fixes in distributions which ship it? I'm not affiliated in any kind with that project, so I might not have enough information regarding this fix, nor legitimity to request a CVE for this. Looking for your comments. With my best regards, P. Schweitzer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJUSiiHAAoJEHVFVWw9WFsLkDIQALFJJOqVFLgu87vBCAKSjHaC a2pyYox8jICsS8zwfJV0LuWx4KCBJK26Y0EtDtnZp6cRhqQRJEC8S/BJ1uZwG5ND xH60+t2ntbTa+Nw/zHpOd+0NnqUKicSLpp94KsulBv+OWmpXr+Vez6oQnG+6oUfW Z/P8KDbMwarkcros6abqOcnukcauM9A4IOdki1CD+qaHkun+6zVnTlR/pY9jtPN5 TJHcLtmJpGDMmpocCCHroJasOGxHJq2TPTTdcRMEV6ckfg6RDN8EmaUwFLFrpVEu Yirt7kzwgDCvTd81OwlLUxPXMG/OYM8oDXPouk95NomG4C5oG4lDC+EdwuBRcaxw JNXK81RwVlY0p9d1rSo67pJRJuCsDChIxQJM8eXAehxtzjmWNfbmvHDMl6SGlyxN ObSkC/dTMCREhQKrGqDoF54i6Q5SQpLRYkMsBr4da65NTFLCU6kFiJSKJQ7GTSEu AY9kAhWdH2pd7sZ9YHiZf5s4oJ9STg9SO1PVtfVOAR3Jvc2yTzacurLRr2n7oWKu M3gPnarZIoAppW/DrdJ7TnuWiZDH6NQRwAszQQZNkE97BDJieQSSC9itWQOA1n/0 ZCeNR04CzDeJsL+vfQffvKDNhlWwtcSAh/B/UfHhEo04rAIdIvJEuB3jZP3vFySR qE9oLrDGadXbQvgraaLt =mCbF -----END PGP SIGNATURE-----
Current thread:
- Vulnerability fixed in Quassel? Pierre Schweitzer (Oct 24)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? Pierre Schweitzer (Oct 25)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? cve-assign (Oct 26)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)