Bug#768191: CVE-2014-8483: konversation: out-of-bounds read issue

Wed, 05 Nov 2014 11:57:54 -0800 

Package: konversation
Version: 1.5-1
Severity: important

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

(Description copied from http://bugs.quassel-irc.org/issues/1314)



-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (110, 
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages konversation depends on:
ii  kde-runtime        4:4.14.2-1
ii  kdepim-runtime     4:4.14.2-1
ii  konversation-data  1.5-1
ii  libc6              2.19-12
ii  libgcc1            1:4.9.1-19
ii  libkabc4           4:4.14.2-1
ii  libkde3support4    4:4.14.2-3
ii  libkdecore5        4:4.14.2-3
ii  libkdeui5          4:4.14.2-3
ii  libkemoticons4     4:4.14.2-3
ii  libkidletime4      4:4.14.2-3
ii  libkio5            4:4.14.2-3
ii  libknotifyconfig4  4:4.14.2-3
ii  libkparts4         4:4.14.2-3
ii  libkresources4     4:4.14.2-1
ii  libnepomuk4        4:4.14.2-3
ii  libnepomukutils4   4:4.14.2-3
ii  libphonon4         4:4.8.0-3
ii  libqca2            2.0.3-6
ii  libqt4-dbus        4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-network     4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-qt3support  4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-svg         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqt4-xml         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtcore4         4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libqtgui4          4:4.8.6+git64-g5dc8b2b+dfsg-2+b1
ii  libsolid4          4:4.14.2-3
ii  libsoprano4        2.9.4+dfsg-1.1
ii  libstdc++6         4.9.1-19
ii  phonon             4:4.8.0-3

konversation recommends no packages.

konversation suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to