Package "quassel"
Name: quassel
Description: KDE/Qt-based IRC client
Latest version: 0.10.0-0ubuntu2.3
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: http://www.quassel-irc.org/
Changelog
quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
    qdatastream (LP: #1767539)
    - debian/patches/Implement_custom_deserializer.patch: Original patch from
      upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer
    - CVE-2018-1000178
  * SECURITY UPDATE: quasselcore, denial of service for unconfigured core
    (LP: #1767539)
    - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is_configured.patch:
      Original patch from upstream 0.12.5 release, adapted for non-C++ 11
      systems by Felix Geyer
    - CVE-2018-1000179

 -- Scott Kitterman <email address hidden> Fri, 27 Apr 2018 20:25:50 -0400

1767539: Security fixes from 0.12.5 require backfit to earlier releases
CVE-2018-1000178: Implement custom deserializer to add our own sanity checks
CVE-2018-1000179: Reject clients that attempt to login before the core is configured

quassel (0.10.0-0ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: stack consumption vulnerability in message splitting code
    - debian/patches/CVE-2015-2778.patch: original patch from Michael Marley,
      backported by Steinar H. Gunderson
    - CVE-2015-2778 and CVE-2015-2779
  * SECURITY UPDATE: SQL injection vulnerability in PostgreSQL backend
    - debian/patches/CVE-2015-3427.patch: upstream patch
    - CVE-2015-3427
    - original issue was CVE-2013-4422 which had an incomplete fix
    - LP: #1448911

 -- Felix Geyer <email address hidden> Fri, 01 May 2015 18:30:44 +0200

1448911: Execute initDbSession() on DB reconnects
CVE-2015-2778: Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash)
CVE-2015-2779: Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of servic
CVE-2015-3427: Incomplete fix for CVE-2013-4422
CVE-2013-4422: SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to exec

quassel (0.10.0-0ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read in ECB Blowfish decryption
    - debian/patches/CVE-2014-8483.patch: add upstream patch
    - CVE-2014-8483
    - LP: #1388333

 -- Felix Geyer <email address hidden> Tue, 04 Nov 2014 18:15:46 +0100

1388333: CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption
CVE-2014-8483: The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a mal