Ubuntu

remote DoS

Reported by Jamie Strandboge on 2011-09-09
Affects             Status        Importance  Assigned to       Milestone
Lucid Backports                   Undecided   Scott Kitterman
maverick-backports  Fix Released  Undecided   Scott Kitterman
quassel (Ubuntu)                  Medium      Scott Kitterman
Lucid                             Medium      Jamie Strandboge
Maverick                          Medium      Jamie Strandboge
Natty                             Medium      Jamie Strandboge
Oneiric                           Medium      Scott Kitterman

Bug Description

From http://www.openwall.com/lists/oss-security/2011/09/08/7:
"CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not process
 certain CTCP requests correctly, allowing a remote attacker connected to the
 same IRC network as the victim to cause a Denial of Service condition by
 sending specially crafted CTCP requests. This was demonstrated in various
 exploits on freenode today."

This is fixed in 0.7.3.

visibility: private → public
Changed in quassel (Ubuntu Oneiric):
assignee: nobody → Scott Kitterman (kitterman)
status: New → Fix Released
importance: Undecided → Medium
Changed in quassel (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in quassel (Ubuntu Maverick):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in quassel (Ubuntu Natty):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in quassel (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in quassel (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in quassel (Ubuntu Natty):
status: In Progress → Fix Committed
Scott Kitterman (kitterman) wrote :

quassel (0.7.2-0ubuntu2.2~maverick1) maverick-backports; urgency=low

  * No change backport from ubuntu-security-proposed PPA for maverick

Date: Fri, 09 Sep 2011 15:40:05 -0400
Changed-By: Scott Kitterman <email address hidden>
Maintainer: Ubuntu Developers <email address hidden>
https://launchpad.net/ubuntu/maverick/+source/quassel/0.7.2-0ubuntu2.2~maverick1

Changed in maverick-backports:
status: New → Fix Released
Scott Kitterman (kitterman) wrote :

quassel (0.7.2-0ubuntu2.2~lucid1) lucid-backports; urgency=low

  * No change backport from ubuntu-security-proposed PPA for lucid

Date: Fri, 09 Sep 2011 15:40:05 -0400
Changed-By: Scott Kitterman <email address hidden>
Maintainer: Ubuntu Developers <email address hidden>
https://launchpad.net/ubuntu/lucid/+source/quassel/0.7.2-0ubuntu2.2~lucid1

Changed in lucid-backports:
status: New → Fix Released
assignee: nobody → Scott Kitterman (kitterman)
Changed in maverick-backports:
assignee: nobody → Scott Kitterman (kitterman)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quassel - 0.6.1-0ubuntu1.2

---------------
quassel (0.6.1-0ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: DoS in CTCP parser (LP: #845707)
    - debian/patches/11-quassel_CTCP_DoS_lp845707.patch: adjust for
      quotedReply to use QByteArray.append()
    - CVE-2011-XXXX
 -- Jamie Strandboge <email address hidden> Fri, 09 Sep 2011 10:41:22 -0500

Changed in quassel (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quassel - 0.7.1-0ubuntu1.1

---------------
quassel (0.7.1-0ubuntu1.1) maverick-security; urgency=low

  * SECURITY UPDATE: DoS in CTCP parser (LP: #845707)
    - debian/patches/security_fix-ctcp-parser-dos.patch: adjust for
      quotedReply to use QByteArray.append()
    - CVE-2011-XXXX
 -- Jamie Strandboge <email address hidden> Fri, 09 Sep 2011 10:36:15 -0500

Changed in quassel (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quassel - 0.7.2-0ubuntu2.2

---------------
quassel (0.7.2-0ubuntu2.2) natty-security; urgency=low

  * SECURITY UPDATE: DoS in CTCP parser (LP: #845707)
    - debian/patches/security_fix-ctcp-parser-dos.patch: adjust for
      quotedReply to use QByteArray.append()
    - CVE-2011-XXXX
 -- Jamie Strandboge <email address hidden> Fri, 09 Sep 2011 10:26:10 -0500

Changed in quassel (Ubuntu Natty):
status: Fix Committed → Fix Released
This report contains Public Security information