Bug 902670 (CVE-2014-8483) - VUL-1: CVE-2014-8483: quassel: out-of-bounds read on a heap-allocated array
Status: RESOLVED FIXED
Alias: CVE-2014-8483
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/110182/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-27 09:08 UTC by Sebastian Krahmer
Modified: 2015-03-23 17:05 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Sebastian Krahmer 2014-10-27 09:08:47 UTC
rh#1156418



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1156418
Comment 2 Sebastian Krahmer 2014-10-27 09:12:46 UTC
Low priority, setting VUL-1
Comment 3 Swamp Workflow Management 2014-10-27 23:00:13 UTC
bugbot adjusting priority
Comment 4 Marcus Meissner 2014-11-03 07:03:29 UTC
tomas updated it last for factory, perhaps he can help.
Comment 5 Tomáš Chvátal 2014-11-03 08:15:46 UTC
Core affected on all openSUSE products except Factory where we do not enable the crypto stuff (qt4 dependent and we have pure qt5 build).

The patch itself is trivial so I will do it. And for further purposes anything in KDE:Extra should fall back first to kde team overall (shumski, raymond...)
Comment 6 Bernhard Wiedemann 2014-11-03 09:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (902670) was mentioned in
https://build.opensuse.org/request/show/259427 13.1+12.3 / quassel
Comment 7 Bernhard Wiedemann 2014-11-03 10:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (902670) was mentioned in
https://build.opensuse.org/request/show/259432 13.2 / quassel
Comment 8 Marcus Meissner 2014-11-05 10:05:35 UTC
also konversation had this CVE in its changes file?
Comment 9 Swamp Workflow Management 2014-11-10 17:05:12 UTC
openSUSE-SU-2014:1382-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 902670
CVE References: CVE-2014-8483
Sources used:
openSUSE 13.2 (src):    quassel-0.10.0-3.4.1
openSUSE 13.1 (src):    quassel-0.9.2-16.1
openSUSE 12.3 (src):    quassel-0.8.0-5.4.1
Comment 10 Johannes Segitz 2014-11-12 11:00:10 UTC
released fix
Comment 11 Swamp Workflow Management 2014-11-12 14:04:48 UTC
openSUSE-SU-2014:1406-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 902670
CVE References: CVE-2014-8483
Sources used:
openSUSE 13.2 (src):    konversation-1.5.1-3.4.1
Comment 12 Swamp Workflow Management 2015-03-23 17:05:40 UTC
openSUSE-SU-2015:0573-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 875470,883374,902670,905742,921999
CVE References: CVE-2014-0190,CVE-2014-3494,CVE-2014-8483,CVE-2014-8600,CVE-2015-0295
Sources used:
openSUSE 13.1 (src):    kdebase4-runtime-4.11.5-482.6, kdelibs4-4.11.5-488.2, kdelibs4-apidocs-4.11.5-488.3, konversation-1.5.1-3.4.3, kwebkitpart-1.3.3-2.4.1, libqt4-4.8.5-5.17.1, libqt4-devel-doc-4.8.5-5.17.2, libqt4-sql-plugins-4.8.5-5.17.1