2012-08-08 21:37:44 |
Felix Geyer |
bug |
|
|
added bug |
2012-08-08 21:37:50 |
Felix Geyer |
security vulnerability |
no |
yes |
|
2012-08-08 21:38:05 |
Felix Geyer |
cve linked |
|
2012-3461 |
|
2012-08-08 21:38:18 |
Felix Geyer |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121 |
|
2012-08-08 21:38:18 |
Felix Geyer |
bug task added |
|
libotr (Debian) |
|
2012-08-08 21:38:51 |
Felix Geyer |
description |
> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application. |
> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html |
|
2012-08-08 21:43:06 |
Felix Geyer |
nominated for series |
|
Ubuntu Lucid |
|
2012-08-08 21:43:06 |
Felix Geyer |
bug task added |
|
libotr (Ubuntu Lucid) |
|
2012-08-08 21:43:06 |
Felix Geyer |
nominated for series |
|
Ubuntu Natty |
|
2012-08-08 21:43:06 |
Felix Geyer |
bug task added |
|
libotr (Ubuntu Natty) |
|
2012-08-08 21:43:06 |
Felix Geyer |
nominated for series |
|
Ubuntu Oneiric |
|
2012-08-08 21:43:06 |
Felix Geyer |
bug task added |
|
libotr (Ubuntu Oneiric) |
|
2012-08-08 21:43:06 |
Felix Geyer |
nominated for series |
|
Ubuntu Precise |
|
2012-08-08 21:43:06 |
Felix Geyer |
bug task added |
|
libotr (Ubuntu Precise) |
|
2012-08-08 21:43:06 |
Felix Geyer |
nominated for series |
|
Ubuntu Quantal |
|
2012-08-08 21:43:06 |
Felix Geyer |
bug task added |
|
libotr (Ubuntu Quantal) |
|
2012-08-08 21:46:07 |
Felix Geyer |
libotr (Ubuntu): status |
New |
Fix Released |
|
2012-08-09 13:28:33 |
Felix Geyer |
attachment added |
|
debdiff for precise https://bugs.launchpad.net/ubuntu/precise/+source/libotr/+bug/1034623/+attachment/3254416/+files/libotr_3.2.0-4ubuntu0.1.debdiff |
|
2012-08-09 13:37:20 |
Felix Geyer |
attachment added |
|
debdiff for oneiric https://bugs.launchpad.net/ubuntu/precise/+source/libotr/+bug/1034623/+attachment/3254425/+files/libotr_3.2.0-2.1ubuntu0.1.debdiff |
|
2012-08-09 13:37:35 |
Felix Geyer |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2012-08-14 18:48:55 |
Steve Beattie |
libotr (Ubuntu Lucid): assignee |
|
Steve Beattie (sbeattie) |
|
2012-08-14 18:48:58 |
Steve Beattie |
libotr (Ubuntu Natty): assignee |
|
Steve Beattie (sbeattie) |
|
2012-08-14 18:48:59 |
Steve Beattie |
libotr (Ubuntu Oneiric): assignee |
|
Steve Beattie (sbeattie) |
|
2012-08-14 18:49:02 |
Steve Beattie |
libotr (Ubuntu Precise): assignee |
|
Steve Beattie (sbeattie) |
|
2012-08-14 18:49:05 |
Steve Beattie |
libotr (Ubuntu Lucid): status |
New |
In Progress |
|
2012-08-14 18:49:08 |
Steve Beattie |
libotr (Ubuntu Natty): status |
New |
In Progress |
|
2012-08-14 18:49:10 |
Steve Beattie |
libotr (Ubuntu Oneiric): status |
New |
In Progress |
|
2012-08-14 18:49:12 |
Steve Beattie |
libotr (Ubuntu Precise): status |
New |
In Progress |
|
2012-08-15 20:29:21 |
Bug Watch Updater |
libotr (Debian): status |
Unknown |
Fix Released |
|
2012-08-16 18:29:10 |
Launchpad Janitor |
libotr (Ubuntu Precise): status |
In Progress |
Fix Released |
|
2012-08-16 18:30:15 |
Launchpad Janitor |
libotr (Ubuntu Lucid): status |
In Progress |
Fix Released |
|
2012-08-16 18:30:19 |
Launchpad Janitor |
libotr (Ubuntu Natty): status |
In Progress |
Fix Released |
|
2012-08-16 18:30:22 |
Launchpad Janitor |
libotr (Ubuntu Oneiric): status |
In Progress |
Fix Released |
|
2012-08-16 19:30:25 |
Bryce Harrington |
description |
> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html |
[Impact]
[Fix]
[Test Case]
[Regression Potential]
[Original Report]
> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html |
|
2012-08-16 20:13:12 |
Bryce Harrington |
description |
[Impact]
[Fix]
[Test Case]
[Regression Potential]
[Original Report]
> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html |
> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.
http://lists.cypherpunks.ca/pipermail/otr-dev/2012-July/001347.html |
|
2013-05-07 13:24:32 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/lucid/libotr/lucid-security |
|
2013-05-07 13:24:48 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/natty/libotr/natty-security |
|
2013-05-07 13:24:58 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/oneiric/libotr/oneiric-security |
|
2013-05-07 13:25:11 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/precise/libotr/precise-security |
|