Bugzilla – Bug 924930
VUL-0: CVE-2015-2778: quassel: core crash caused by sending an overlength CTCP query containing only multibyte characters.
Last modified: 2015-04-08 14:08:06 UTC
rh#1204855

The following commit fixed a denial of service in quassel:
https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8

It allows a connected client to cause a core crash by sending a CTCP request which would be too long and multibyte. This is mitigated by the fact that it requires an authed user.

CVE request: http://seclists.org/oss-sec/2015/q1/903

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1204855
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2778
http://seclists.org/oss-sec/2015/q1/1030
bugbot adjusting priority
Submit request sent.
releasing
openSUSE-SU-2015:0687-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 924930,924933
CVE References: CVE-2015-2778,CVE-2015-2779
Sources used:
openSUSE 13.2 (src): quassel-0.10.0-3.7.1
openSUSE 13.1 (src): quassel-0.9.2-19.1