| Summary: | CVE-2011-3354: quassel | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Vigier <boklm> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | dmorganec, eeeemail, sysadmin-bugs |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | quassel | CVE: | |
| Status comment: | |||
|
Description
Nicolas Vigier
2011-09-13 16:24:37 CEST
An update is available in updates_testing. quassel-0.7.2-1.1.mga1 in the repo Assignee:
bugsquad =>
qa-bugs There is testing info here - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640960 I use quassel does somebody want to test (please let me know first!) then I'll update and try the same again. CC:
(none) =>
eeeemail Is anybody able to interpret that into a workable ctcp? Also more info here - https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774 Not being able to reproduce the crash, I've tested functionality and quassel shows no regressions i586. Requires x86_64 testing still. Basic testing x86_64 complete. Validated Update. Advisory: ----------------- Quassel does not process certain CTCP requests correctly, allowing a remote attacker connected to the same IRC network as the victim to cause a Denial of Service condition by sending specially crafted CTCP requests. This was demonstrated in various exploits on freenode. http://www.openwall.com/lists/oss-security/2011/09/08/7 This update provides a fix. ----------------- SRPM: quassel-0.7.2-1.2.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates. Thankyou! Keywords:
(none) =>
validated_update update pushed. Status:
NEW =>
RESOLVED |