|
Message-ID: <1272861971.1022175.1315591442202.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Date: Fri, 9 Sep 2011 14:04:02 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Please use CVE-2011-3354. Thanks. -- JB ----- Original Message ----- > Hi, > > please assign a CVE for the following issue: > CtcpParser::packedReply in src/core/ctcpparser.cpp in Quassel does not > process > certain CTCP requests correctly, allowing a remote attacker connected > to the > same IRC network as the victim to cause a Denial of Service condition > by > sending specially crafted CTCP requests. This was demonstrated in > various > exploits on freenode today. > > Gentoo tracks the issue in [1], upstream fix is [2]. > > Thanks, > Alex > > [1] https://bugs.gentoo.org/show_bug.cgi?id=382313 > [2] http://git.quassel- > irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b > > -- > Alex Legler <a3li@...too.org> > Gentoo Security / Ruby
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.