Date: Fri, 2 Jul 2010 18:31:42 +0100 From: Luigi Auriemma <aluigi@...istici.org> To: oss-security <oss-security@...ts.openwall.com> Subject: Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug > Though not sure, if the true reason for this is: > 1, either Mumble server calling relevant Qt SQLite function in > improper way or 2, deficiency in that particular Qt function itself Hey Jan, I have not debugged the problem because I contacted directly the author immediately after the finding, so the following are his words in reply to the report of this specific bug: "The second seems to be a .. "feature" of SQLite; it bails if you have too many almost-but-not-really-utf8 chars in a 'like' query. We can probably add a workaround for that." So the problem "seems" to be caused by SQLite but should be necessary to see in its manual if there are references about limitations that the developers should respect or something else. BYEZ --- Luigi Auriemma http://aluigi.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.