Bug#597853: marked as done (quassel: Security issue with CTCP handling in 0.6.x and 0.7.x)

Debian Bug Tracking System Sun, 03 Oct 2010 05:36:19 -0700

Your message dated Sun, 03 Oct 2010 12:33:32 +0000
with message-id <e1p2nky-00045g...@franck.debian.org>
and subject line Bug#597853: fixed in quassel 0.6.3-1
has caused the Debian Bug report #597853,
regarding quassel: Security issue with CTCP handling in 0.6.x and 0.7.x
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
597853: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597853
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: quassel
Version: 0.7.1-1
Justification: user security hole
Severity: grave
Tags: security

Hi,

Upstream is highly recommending to upgrade quassel to 0.7.1 and 0.6.3 [1].
The 0.7.1 version found its way quickly into the offcial repositories
but not v0.6.3 which is for squeeze.
As this is a bug-fix version fixing a security issue, please upgrade
quickly, Thanks.

The maintainer is informed via PM.

Kind Regards,
- Sedat -

[1] http://quassel-irc.org/node/115


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.36-rc5-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages quassel depends on:
ii  dbus-x11            1.4.0-1              simple interprocess messaging syst
ii  gawk                1:3.1.7.dfsg-5       GNU awk, a pattern scanning and pr
ii  libc6               2.11.2-6             Embedded GNU C Library: Shared lib
ii  libgcc1             1:4.4.4-15           GCC support library
ii  libphonon4          4:4.6.0really4.4.2-1 the core library of the Phonon mul

--- End Message ---

--- Begin Message ---

Source: quassel
Source-Version: 0.6.3-1

We believe that the bug you reported is fixed in the latest version of
quassel, which is due to be installed in the Debian FTP archive:

quassel-client-kde4_0.6.3-1_i386.deb
  to main/q/quassel/quassel-client-kde4_0.6.3-1_i386.deb
quassel-client_0.6.3-1_i386.deb
  to main/q/quassel/quassel-client_0.6.3-1_i386.deb
quassel-core_0.6.3-1_i386.deb
  to main/q/quassel/quassel-core_0.6.3-1_i386.deb
quassel-data-kde4_0.6.3-1_all.deb
  to main/q/quassel/quassel-data-kde4_0.6.3-1_all.deb
quassel-data_0.6.3-1_all.deb
  to main/q/quassel/quassel-data_0.6.3-1_all.deb
quassel-kde4_0.6.3-1_i386.deb
  to main/q/quassel/quassel-kde4_0.6.3-1_i386.deb
quassel_0.6.3-1.debian.tar.gz
  to main/q/quassel/quassel_0.6.3-1.debian.tar.gz
quassel_0.6.3-1.dsc
  to main/q/quassel/quassel_0.6.3-1.dsc
quassel_0.6.3-1_i386.deb
  to main/q/quassel/quassel_0.6.3-1_i386.deb
quassel_0.6.3.orig.tar.bz2
  to main/q/quassel/quassel_0.6.3.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 597...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Mueller <thomas.muel...@tmit.eu> (supplier of updated quassel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 03 Oct 2010 13:52:56 +0200
Source: quassel
Binary: quassel-core quassel-client quassel quassel-data quassel-client-kde4 
quassel-kde4 quassel-data-kde4
Architecture: source i386 all
Version: 0.6.3-1
Distribution: testing
Urgency: high
Maintainer: Thomas Mueller <thomas.muel...@tmit.eu>
Changed-By: Thomas Mueller <thomas.muel...@tmit.eu>
Description: 
 quassel    - distributed IRC client - Qt-based monolithic core+client
 quassel-client - distributed IRC client - Qt-based client component
 quassel-client-kde4 - distributed IRC client - KDE-based client
 quassel-core - distributed IRC client - core component
 quassel-data - distributed IRC client - shared data (Qt version)
 quassel-data-kde4 - distributed IRC client - shared data (KDE4 version)
 quassel-kde4 - distributed IRC client - KDE-based monolithic core+client
Closes: 597853
Changes: 
 quassel (0.6.3-1) testing; urgency=high
 .
   * New upstream bug fix release
   * Possible DoS attack vulnerability for multiple CTCP requests:
     http://bugs.quassel-irc.org/issues/1023 (closes: #597853)
   * contains unrelease bug fix release 0.6.2
Checksums-Sha1: 
 2067f00caa1cd03d2395cce357e2bba1c996a0a6 1351 quassel_0.6.3-1.dsc
 4532bd7d5d164883b97d4c86a4986b40d9645e40 2584143 quassel_0.6.3.orig.tar.bz2
 240d6c7d9b25f711e9f6d09bae34056ba1c898d5 17424 quassel_0.6.3-1.debian.tar.gz
 84f4b4a9f2bb6a3e7d2c145b3027f74ba50d4ab9 1421792 quassel-core_0.6.3-1_i386.deb
 0cf1062ab61cab0ef1d321bcdfcd64aca11e078a 2352322 
quassel-client_0.6.3-1_i386.deb
 c11265c92cabb95fb8f32570fa3e7c38c142ffcb 2789980 quassel_0.6.3-1_i386.deb
 4857c45e61284f9b913d116187df6f02a440e659 18128 quassel-data_0.6.3-1_all.deb
 8203cd24bb4397c31c570ca02a0a0a0359d8f1a3 909444 
quassel-client-kde4_0.6.3-1_i386.deb
 b833450c428e457a0c38056e8d90fa7e89ab57dc 1164694 quassel-kde4_0.6.3-1_i386.deb
 592d8e0aab7c5383d8bed119fbe51ae13a4998b1 884592 
quassel-data-kde4_0.6.3-1_all.deb
Checksums-Sha256: 
 3fe8698f46b0254d6a91086860887f2edd0453ff4a0c8e4cb44eb12a677d0cc4 1351 
quassel_0.6.3-1.dsc
 79259da9b36dc6a1b30724a0687fa2eac19354a9be6235af016329870e193f22 2584143 
quassel_0.6.3.orig.tar.bz2
 432661458d0fe269b623f8a53ec8e6acb6c81f8f4f67833fe9e6832d4a050b84 17424 
quassel_0.6.3-1.debian.tar.gz
 738fbdcd7dd9dff9013e85cb47d1303030ff0630521023e41adec59d41e5484a 1421792 
quassel-core_0.6.3-1_i386.deb
 6bb401ca53db82a8dfd5628acfddba041ca62d091b51f5cb6b9d4a285bcceac6 2352322 
quassel-client_0.6.3-1_i386.deb
 4d17fc1f8678606c0be28effc904c90bea0fbd9858bb72e134a72de9199d6909 2789980 
quassel_0.6.3-1_i386.deb
 4357c20a3600caad7353e2f005938707dfab4f1a95562c3615636dbedd8512a6 18128 
quassel-data_0.6.3-1_all.deb
 e8aa078a45e19673db7695e1dd43d753926a376b2a1e453f653de86c4805b301 909444 
quassel-client-kde4_0.6.3-1_i386.deb
 9f311ed61e35de7937ca45cdf2fcc363737f554f3e104ac9b41e95e59ff25fbb 1164694 
quassel-kde4_0.6.3-1_i386.deb
 52dd68d6ee9e89954abb7b66df05c3a57695ecff7eac770037e7e18ce22ed2e3 884592 
quassel-data-kde4_0.6.3-1_all.deb
Files: 
 4f57b506db90c04f31525161c69f45b0 1351 net optional quassel_0.6.3-1.dsc
 c9c056cb0e7abe9a407862fa306cbe49 2584143 net optional 
quassel_0.6.3.orig.tar.bz2
 b0f47f655214fd9b674bec82d1256c58 17424 net optional 
quassel_0.6.3-1.debian.tar.gz
 715960029d455ce9ca3ebaadbfe2df60 1421792 net optional 
quassel-core_0.6.3-1_i386.deb
 66d2e4616b516aa225c84a7d7bd060a1 2352322 net optional 
quassel-client_0.6.3-1_i386.deb
 49dab4a9e43127191573fac49b54ac8e 2789980 net optional quassel_0.6.3-1_i386.deb
 b764116af2f669648ab45e4fb40657c5 18128 net optional 
quassel-data_0.6.3-1_all.deb
 02b961f6778b9bfa15997cf767674243 909444 net optional 
quassel-client-kde4_0.6.3-1_i386.deb
 7b6847b5836b7207112134259cc1ff8b 1164694 net optional 
quassel-kde4_0.6.3-1_i386.deb
 1de0349a1add79c2ad5da4a611833fdb 884592 net optional 
quassel-data-kde4_0.6.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyoc+AACgkQOB0qx4EksQCARgCfcx9g0r4jXSsEKkFqY0PmEcxi
MW4AniheFb0xUVUrJZhIsEuffpvkCmux
=Xd2D
-----END PGP SIGNATURE-----

--- End Message ---

Bug#597853: marked as done (quassel: Security issue with CTCP handling in 0.6.x and 0.7.x)

Reply via email to