group.of.nepali.translators team mailing list archive
Message #23480
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
This bug was fixed in the package quassel - 0.10.0-0ubuntu2.3
---------------
quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
    qdatastream (LP: #1767539)
    - debian/patches/Implement_custom_deserializer.patch: Original patch from
      upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer
    - CVE-2018-1000178
  * SECURITY UPDATE: quasselcore, denial of service for unconfigured core
    (LP: #1767539)
    - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is_configured.patch:
      Original patch from upstream 0.12.5 release, adapted for non-C++ 11
      systems by Felix Geyer
    - CVE-2018-1000179

 -- Scott Kitterman <scott@xxxxxxxxxxxxx>  Fri, 27 Apr 2018 20:25:50 -0400
** Changed in: quassel (Ubuntu Trusty)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000178
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000179
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1767539
Title:
Security fixes from 0.12.5 require backfit to earlier releases
Status in quassel package in Ubuntu:
Confirmed
Status in quassel source package in Trusty:
Fix Released
Status in quassel source package in Xenial:
Confirmed
Status in quassel source package in Artful:
Confirmed
Status in quassel source package in Bionic:
Confirmed
Status in quassel package in Debian:
Confirmed
Bug description:
A recent upstream release contains two security fixes. All supported
Ubuntu releases are affected.
  * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
    qdatastream
    - debian/patches/Implement_custom_deserializer.patch: Original patch from
      upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer
    - CVE requested by upstream
  * SECURITY UPDATE: quasselcore, denial of service for unconfigured core
    - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is_configured.patch:
      Original patch from upstream 0.12.5 release, adapted for non-C++ 11
      systems by Felix Geyer
    - CVE requested by upstream
I'll be attaching a debdiff for Trusty, but not later releases as that
is the only Ubuntu release I still have an interest in. Note that the
debian/changelog doesn't have the LP bug number in it since I haven't
filed it yet. The trusty fix is based on the Debian patches for
Jessie (Debian 8):
https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie
I'm running the fixed version now.