oss-sec mailing list archives
Re: CVE request: denial of service in Quassel
From: Pierre Schweitzer <pierre () reactos org>
Date: Fri, 27 Mar 2015 09:55:25 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ping, in case it got missed. On 03/20/2015 05:22 PM, Pierre Schweitzer wrote:
Dear all, The following commit fixed a denial of service in quassel: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8 It allows a connected client to cause a core crash by sending a CTCP request which would be too long and multibyte. This is mitigated by the fact that it requires an authed user. With my best regards,
- -- Pierre Schweitzer <pierre () reactos org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVFRr9AAoJEHVFVWw9WFsLir0QAIqV2Uv8vGbm4mRE6BcfoOcA jKVEQJcOghqa/vW4TUf6qLnV6knshfLTIfFwa/d8xRtXDSgChxHaoMIGiMn8hc2p 0Lze6ZU5mDVYFAoMVCLje44m93+sdx3ak8dN2WriqtaibgmWhsbfp8GmfC4Nvy/G /HpJSkWJoDMz3+QCeQ3qvreWGNjK7D+yLbcbbAcRS1sCbWLcdjYAncUjxzIqPcqv CyIlw6DLhIYf4gyYxsE6+TfnIvjFHXYcdFpEsaNsk264nzK+26tMc3gs7gVQeIKS e1o1NHnKg4xpnniIZcB8NHM/IfW3ajiKeZXJ3X3PDF9S8OKhJhVbEAtAIGaqCLhU OVrKFC1ABWB7hvNvkN935xtbFrku40RfHc9+FF0O6IfXXo9KvsNkRdns0P5zm4rt D/kitViV53iiVBIOaaw0AMP1icdiluGuOfGPMUjvn6lhLNbqRGCIlvtzeMEujyFe Eh5ztdirEY3YGvX7tfWLw7aVm8qVCl9IdRmGnAWndSOc0vvDr0yGIYHBLaCxsmsg f281yyGtoM48p40/D+d0ZQxloKWl/2tpm7meY7pz8F91uaPkJGv6YMRQurdX+gTP TzF3LYhCowWy1xGR20OwrCgieYwOgRu5noNUQXEdRSyoqEh24Kbd3WHRYvVCQaE9 8XTnWCyI7ViOMgeWcglZ =5R72 -----END PGP SIGNATURE-----
Current thread:
- CVE request: denial of service in Quassel Pierre Schweitzer (Mar 20)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)