Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Oct 2014 12:23:14 +0200
From: Pierre Schweitzer <pierre@...ctos.org>
To: oss-security@...ts.openwall.com
Subject: Vulnerability fixed in Quassel?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all,

I'm looking for opinions regarding the commit 8b5ecd2:
https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
It fixes the issue 1314: http://bugs.quassel-irc.org/issues/1314

It appears to me that this is a vulnerability in the Quassel-core
which allows clients to remotely crash the core and thus cause a
denial of service using ill-formed messages.

Would it deserve a CVE and/or fixes in distributions which ship it?
I'm not affiliated in any kind with that project, so I might not have
 enough information regarding this fix, nor legitimity to request a
CVE for this.

Looking for your comments.

With my best regards,
P. Schweitzer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJUSiiHAAoJEHVFVWw9WFsLkDIQALFJJOqVFLgu87vBCAKSjHaC
a2pyYox8jICsS8zwfJV0LuWx4KCBJK26Y0EtDtnZp6cRhqQRJEC8S/BJ1uZwG5ND
xH60+t2ntbTa+Nw/zHpOd+0NnqUKicSLpp94KsulBv+OWmpXr+Vez6oQnG+6oUfW
Z/P8KDbMwarkcros6abqOcnukcauM9A4IOdki1CD+qaHkun+6zVnTlR/pY9jtPN5
TJHcLtmJpGDMmpocCCHroJasOGxHJq2TPTTdcRMEV6ckfg6RDN8EmaUwFLFrpVEu
Yirt7kzwgDCvTd81OwlLUxPXMG/OYM8oDXPouk95NomG4C5oG4lDC+EdwuBRcaxw
JNXK81RwVlY0p9d1rSo67pJRJuCsDChIxQJM8eXAehxtzjmWNfbmvHDMl6SGlyxN
ObSkC/dTMCREhQKrGqDoF54i6Q5SQpLRYkMsBr4da65NTFLCU6kFiJSKJQ7GTSEu
AY9kAhWdH2pd7sZ9YHiZf5s4oJ9STg9SO1PVtfVOAR3Jvc2yTzacurLRr2n7oWKu
M3gPnarZIoAppW/DrdJ7TnuWiZDH6NQRwAszQQZNkE97BDJieQSSC9itWQOA1n/0
ZCeNR04CzDeJsL+vfQffvKDNhlWwtcSAh/B/UfHhEo04rAIdIvJEuB3jZP3vFySR
qE9oLrDGadXbQvgraaLt
=mCbF
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ