Bug 958928 (CVE-2015-8547) - VUL-0: CVE-2015-8547: quassel: Remote DoS in Quassel
Summary: VUL-0: CVE-2015-8547: quassel: Remote DoS in Quassel
Status: RESOLVED FIXED
Alias: CVE-2015-8547
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.1
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/159713/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-12-14 09:17 UTC by Marcus Meissner
Modified: 2016-02-07 17:00 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2015-12-14 09:17:13 UTC 
CVE-2015-8547

From: Pierre Schweitzer <pierre@reactos.org>
Subject: [oss-security] CVE request: Remote DoS in Quassel

Dear all,

It was discovered and fixed [1] in Quassel, a DoS remotely triggerable
by any client on a Quassel core.

Any client sending the command "/op *" in a query will cause the Quassel
core to crash. I was able to reproduce it with Quassel 0.10.0.

No release has this fix in yet.

Can a CVE be assigned to this issue?

Cheers,

[1]:
https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7
-- 
Pierre Schweitzer <pierre at reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8547
http://seclists.org/oss-sec/2015/q4/478
Comment 1 Tomáš Chvátal 2015-12-14 12:24:39 UTC 
MR sent.
Comment 2 Bernhard Wiedemann 2015-12-14 13:00:07 UTC 
This is an autogenerated message for OBS integration:
This bug (958928) was mentioned in
https://build.opensuse.org/request/show/348822 13.2+42.1+13.1 / quassel
Comment 3 Andreas Stieger 2015-12-14 21:00:17 UTC 
update running
Comment 4 Andreas Stieger 2015-12-23 09:27:33 UTC 
releasing update
Comment 5 Swamp Workflow Management 2015-12-23 13:10:51 UTC 
openSUSE-SU-2015:2345-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 958928
CVE References: CVE-2015-8547
Sources used:
openSUSE Leap 42.1 (src):    quassel-0.12.2-7.1
openSUSE 13.2 (src):    quassel-0.10.0-3.13.1
openSUSE 13.1 (src):    quassel-0.9.2-25.1
Comment 6 Bernhard Wiedemann 2016-02-07 10:00:07 UTC 
This is an autogenerated message for OBS integration:
This bug (958928) was mentioned in
https://build.opensuse.org/request/show/358167 Factory / quassel
Comment 7 Bernhard Wiedemann 2016-02-07 14:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (958928) was mentioned in
https://build.opensuse.org/request/show/358210 Factory / quassel
Comment 8 Bernhard Wiedemann 2016-02-07 17:00:19 UTC 
This is an autogenerated message for OBS integration:
This bug (958928) was mentioned in
https://build.opensuse.org/request/show/358217 Factory / quassel