A CVE has been assigned for a security issue fixed upstream on October 26:
http://openwall.com/lists/oss-security/2014/10/26/1

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated quassel packages fix security vulnerability:

Due to an out-of-bounds read issue in Quassel core in the ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message (CVE-2014-8483).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8483
http://bugs.quassel-irc.org/issues/1314
http://openwall.com/lists/oss-security/2014/10/26/1
========================

Updated packages in core/updates_testing:
========================
quassel-0.9.2-1.1.mga3
quassel-common-0.9.2-1.1.mga3
quassel-client-0.9.2-1.1.mga3
quassel-core-0.9.2-1.1.mga3
quassel-0.9.2-1.1.mga4
quassel-common-0.9.2-1.1.mga4
quassel-client-0.9.2-1.1.mga4
quassel-core-0.9.2-1.1.mga4

from SRPMS:
quassel-0.9.2-1.1.mga3.src.rpm
quassel-0.9.2-1.1.mga4.src.rpm
Whiteboard: (none) => MGA3TOO
Updated quassel working fine here at work, Mageia 3 i586.
Whiteboard: MGA3TOO => MGA3TOO MGA3-32-OK
Testing complete Mageia 3 x86_64.
CC: (none) => remi
Whiteboard: MGA3TOO MGA3-32-OK => MGA3TOO MGA3-32-OK MGA3-64-OK
Advisory uploaded.
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK advisory
Updated quassel working fine on Mageia 4 i586.
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK advisory => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK advisory
Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0436.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/618455/