Re: Vulnerability fixed in Quassel?

[Pierre Schweitzer <pierre () reactos org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/10/2014 12:41, Bas Pape wrote:
> > Should a CVE be assigned, note that Quassel took the code
> > (cipher.cpp) from Konversation, and the same issue has been
> > reported there [1].
>
> Sorry, forgot to actually paste the link. The konversation bug can
> be found at https://bugs.kde.org/show_bug.cgi?id=210792

Was a CVE ID assigned for the Konversation bug?

In any case, it's way worse than my understanding (thanks for the
clarifications!).

So I believe a CVE should be assigned to that commit for Quassel. Do
we need the project owners to ask for it? Or MITRE can just assign it?

Cheers,
- -- 
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUS/pHAAoJEHVFVWw9WFsLxXsP/0y1psVaN43frKtTyYCyZXNk
MrAtV34l0Iyv+zz00UWntVT/od6zwS9qLi++3lHaSdF3SkB1wjARW7tkDmDVUHMZ
HFuCn0nBJE62sUiRMzRwOyd7gSmiFAUr4XvWZq+8/bd3LZD//15WDMLlw5ZoL5b8
+qZVqq+SH7dPvQwksUeTonZvoMv6L1UJXmWAEkzPmMZoYL/C2l2/EeO5rWQRH751
4BFjK654VixbEIfQ9rzCBntPXA3YDZsUFMgdO6ZPoL6znNRhSFpMeE2GZlYEeQN4
jVxN9e4J0N40VgorGWr6AIBzhdwsv9bQaK4U8LIXTa2oBRDIVOeub6Idcoh5SXXF
EQNafshYmLi+kc9BWW4IiDezZ1iW3xVcakjjaUk40wfurfnASb0GlxYbaHGEMP2L
tSV0rW7y7C25P8BbSxn4NxeG0DFh7iaBVWfRZCO2harUO+XiSW8eQyMGZIijN4f9
zal6LIuObqllUuqfbQbhK1ZRlfDQbcNs18UO6oydyIV9c68EEb6KxTm2u5BujS/T
KXqMh12w7ifqVfnp0FQ0BTnHzb6XKXSvDqYQHySWLp52vWSr/1dVUuPdzTAJ81Va
rMBIAd9QEJdOUyU333xW2u9nJx1rBl9pxV0xBoIfPD8nop5Z/BS28YrxTVuY+TSR
GSaGhsPu/W/BNijoH+Xb
=LIKv
-----END PGP SIGNATURE-----