Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Mar 2015 09:55:25 +0100
From: Pierre Schweitzer <pierre@...ctos.org>
To: OSS Security List <oss-security@...ts.openwall.com>
CC: cve-assign@...re.org
Subject: Re: CVE request: denial of service in Quassel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ping, in case it got missed.

On 03/20/2015 05:22 PM, Pierre Schweitzer wrote:
> Dear all,
> 
> The following commit fixed a denial of service in quassel: 
> https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
>
>  It allows a connected client to cause a core crash by sending a
> CTCP request which would be too long and multibyte.
> 
> This is mitigated by the fact that it requires an authed user.
> 
> With my best regards,
> 

- -- 
Pierre Schweitzer <pierre@...ctos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVFRr9AAoJEHVFVWw9WFsLir0QAIqV2Uv8vGbm4mRE6BcfoOcA
jKVEQJcOghqa/vW4TUf6qLnV6knshfLTIfFwa/d8xRtXDSgChxHaoMIGiMn8hc2p
0Lze6ZU5mDVYFAoMVCLje44m93+sdx3ak8dN2WriqtaibgmWhsbfp8GmfC4Nvy/G
/HpJSkWJoDMz3+QCeQ3qvreWGNjK7D+yLbcbbAcRS1sCbWLcdjYAncUjxzIqPcqv
CyIlw6DLhIYf4gyYxsE6+TfnIvjFHXYcdFpEsaNsk264nzK+26tMc3gs7gVQeIKS
e1o1NHnKg4xpnniIZcB8NHM/IfW3ajiKeZXJ3X3PDF9S8OKhJhVbEAtAIGaqCLhU
OVrKFC1ABWB7hvNvkN935xtbFrku40RfHc9+FF0O6IfXXo9KvsNkRdns0P5zm4rt
D/kitViV53iiVBIOaaw0AMP1icdiluGuOfGPMUjvn6lhLNbqRGCIlvtzeMEujyFe
Eh5ztdirEY3YGvX7tfWLw7aVm8qVCl9IdRmGnAWndSOc0vvDr0yGIYHBLaCxsmsg
f281yyGtoM48p40/D+d0ZQxloKWl/2tpm7meY7pz8F91uaPkJGv6YMRQurdX+gTP
TzF3LYhCowWy1xGR20OwrCgieYwOgRu5noNUQXEdRSyoqEh24Kbd3WHRYvVCQaE9
8XTnWCyI7ViOMgeWcglZ
=5R72
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ