Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 02 Jul 2010 11:45:20 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug

Hi Jan, everyone,

Jan Lieskovsky wrote:
>    Luigi Auriemma reported:
>    [1] http://aluigi.altervista.org/adv/mumbleed-adv.txt
> 
> a deficiency in the way Mumble server processed malformed SQL query data.
> A remote, authenticated user could use this flaw to cause denial of
> service (mumble server termination) via specially-crafted QueryUsers Qt
> SQLite SQL query.

He also reported another vulnerability in Qt4's SSL support:
http://aluigi.altervista.org/adv/qtsslame-adv.txt

(reported to the Debian maintainers in http://bugs.debian.org/587711)

Could a CVE be assigned for this other issue too?

Thanks.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ