UbuntuUpdates.org

Package "quassel"

Name: quassel

Description: KDE/Qt-based IRC client

Latest version: 0.10.0-0ubuntu2.3
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: http://www.quassel-irc.org/

Other versions of "quassel" in Trusty

Repository  Area      Version
base        universe  0.10.0-0ubuntu2
updates     universe  0.10.0-0ubuntu2.3

Changelog

Version: 0.10.0-0ubuntu2.3 2018-05-03 06:06:43 UTC

  quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
    qdatastream (LP: #1767539)
    - debian/patches/Implement_custom_deserializer.patch: Original patch from
      upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer
    - CVE-2018-1000178
  * SECURITY UPDATE: quasselcore, denial of service for unconfigured core
    (LP: #1767539)
    - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is
      _configured.patch: Original patch from upstream 0.12.5 release, adapted
      for non-C++ 11 systems by Felix Geyer
    - CVE-2018-1000179

 -- Scott Kitterman <email address hidden> Fri, 27 Apr 2018 20:25:50 -0400

1767539 Security fixes from 0.12.5 require backfit to earlier releases
CVE-2018-1000178 Implement custom deserializer to add our own sanity checks
CVE-2018-1000179 Reject clients that attempt to login before the core is configured

Version: 0.10.0-0ubuntu2.2 2015-05-05 01:06:27 UTC

  quassel (0.10.0-0ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: stack consumption vulnerability in message splitting code
    - debian/patches/CVE-2015-2778.patch: original patch from Michael Marley,
      backported by Steinar H. Gunderson
    - CVE-2015-2778 and CVE-2015-2779
  * SECURITY UPDATE: SQL injection vulnerability in PostgreSQL backend
    - debian/patches/CVE-2015-3427.patch: upstream patch
    - CVE-2015-3427
    - original issue was CVE-2013-4422 which had an incomplete fix
    - LP: #1448911

 -- Felix Geyer <email address hidden> Fri, 01 May 2015 18:30:44 +0200

1448911 Execute initDbSession() on DB reconnects
CVE-2015-2778 Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash)
CVE-2015-2779 Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of servic
CVE-2015-3427 Incomplete fix for CVE-2013-4422
CVE-2013-4422 SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to exec

Version: 0.10.0-0ubuntu2.1 2014-11-17 19:06:42 UTC

  quassel (0.10.0-0ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read in ECB Blowfish decryption
    - debian/patches/CVE-2014-8483.patch: add upstream patch
    - CVE-2014-8483
    - LP: #1388333

 -- Felix Geyer <email address hidden> Tue, 04 Nov 2014 18:15:46 +0100

1388333 CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption
CVE-2014-8483 The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a mal
