oss-sec mailing list archives
Re: Vulnerability fixed in Quassel?
From: Pierre Schweitzer <pierre () reactos org>
Date: Sat, 25 Oct 2014 21:30:20 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/10/2014 12:41, Bas Pape wrote:
Should a CVE be assigned, note that Quassel took the code (cipher.cpp) from Konversation, and the same issue has been reported there [1].Sorry, forgot to actually paste the link. The konversation bug can be found at https://bugs.kde.org/show_bug.cgi?id=210792
Was a CVE ID assigned for the Konversation bug? In any case, it's way worse than my understanding (thanks for the clarifications!). So I believe a CVE should be assigned to that commit for Quassel. Do we need the project owners to ask for it? Or MITRE can just assign it? Cheers, - -- Pierre Schweitzer <pierre at reactos.org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUS/pHAAoJEHVFVWw9WFsLxXsP/0y1psVaN43frKtTyYCyZXNk MrAtV34l0Iyv+zz00UWntVT/od6zwS9qLi++3lHaSdF3SkB1wjARW7tkDmDVUHMZ HFuCn0nBJE62sUiRMzRwOyd7gSmiFAUr4XvWZq+8/bd3LZD//15WDMLlw5ZoL5b8 +qZVqq+SH7dPvQwksUeTonZvoMv6L1UJXmWAEkzPmMZoYL/C2l2/EeO5rWQRH751 4BFjK654VixbEIfQ9rzCBntPXA3YDZsUFMgdO6ZPoL6znNRhSFpMeE2GZlYEeQN4 jVxN9e4J0N40VgorGWr6AIBzhdwsv9bQaK4U8LIXTa2oBRDIVOeub6Idcoh5SXXF EQNafshYmLi+kc9BWW4IiDezZ1iW3xVcakjjaUk40wfurfnASb0GlxYbaHGEMP2L tSV0rW7y7C25P8BbSxn4NxeG0DFh7iaBVWfRZCO2harUO+XiSW8eQyMGZIijN4f9 zal6LIuObqllUuqfbQbhK1ZRlfDQbcNs18UO6oydyIV9c68EEb6KxTm2u5BujS/T KXqMh12w7ifqVfnp0FQ0BTnHzb6XKXSvDqYQHySWLp52vWSr/1dVUuPdzTAJ81Va rMBIAd9QEJdOUyU333xW2u9nJx1rBl9pxV0xBoIfPD8nop5Z/BS28YrxTVuY+TSR GSaGhsPu/W/BNijoH+Xb =LIKv -----END PGP SIGNATURE-----
Current thread:
- Vulnerability fixed in Quassel? Pierre Schweitzer (Oct 24)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? Pierre Schweitzer (Oct 25)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? cve-assign (Oct 26)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)