Date: Fri, 02 Jul 2010 11:45:20 -0500 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Hi Jan, everyone, Jan Lieskovsky wrote: > Luigi Auriemma reported: >  http://aluigi.altervista.org/adv/mumbleed-adv.txt > > a deficiency in the way Mumble server processed malformed SQL query data. > A remote, authenticated user could use this flaw to cause denial of > service (mumble server termination) via specially-crafted QueryUsers Qt > SQLite SQL query. He also reported another vulnerability in Qt4's SSL support: http://aluigi.altervista.org/adv/qtsslame-adv.txt (reported to the Debian maintainers in http://bugs.debian.org/587711) Could a CVE be assigned for this other issue too? Thanks. Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ