Your message dated Mon, 07 May 2018 11:35:03 +0000 with message-id <e1ffeq3-000inj...@fasolo.debian.org> and subject line Bug#896914: fixed in quassel 1:0.12.4-2+deb9u1 has caused the Debian Bug report #896914, regarding quassel: CVE-2018-1000178: Implement custom deserializer to add our own sanity checks to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 896914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: quassel Version: 1:0.12.4-1 Severity: normal Tags: patch security upstream Control: fixed -1 1:0.12.5-1 Hi Felix, Filling this as bug to have an identifier, since no CVE has been assigned. https://www.quassel-irc.org/node/130 Commit "Implement custom deserializer to add our own sanity checks": https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: quassel Source-Version: 1:0.12.4-2+deb9u1 We believe that the bug you reported is fixed in the latest version of quassel, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 896...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Felix Geyer <fge...@debian.org> (supplier of updated quassel package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Apr 2018 11:54:39 +0200 Source: quassel Binary: quassel-core quassel-client quassel quassel-data quassel-client-kde4 quassel-kde4 Architecture: source Version: 1:0.12.4-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian KDE Extras Team <pkg-kde-ext...@lists.alioth.debian.org> Changed-By: Felix Geyer <fge...@debian.org> Description: quassel - distributed IRC client - monolithic core+client quassel-client - distributed IRC client - client component quassel-client-kde4 - transitional package to quassel-client quassel-core - distributed IRC client - core component quassel-data - distributed IRC client - shared data quassel-kde4 - transitional package to quassel Closes: 896914 896915 Changes: quassel (1:0.12.4-2+deb9u1) stretch-security; urgency=high . * Backport upstream commit to implement a custom deserializer. Fixes possible remote code execution. (Closes: #896914) * Backport upstream commit to reject client logins before the core is configured. Fixes a DoS vulnerability. (Closes: #896915) * Backport upstream commit to fix OpenSSL detection with Qt 5.6 and GCC 5. Checksums-Sha1: 1e70cc25847370393dea2be32b93014bd24f407f 2697 quassel_0.12.4-2+deb9u1.dsc 0976e6c08a73d4138c7e09eba8975746562c6b76 3742639 quassel_0.12.4.orig.tar.bz2 fcc7e69ace457c517a3642d28edb269e23ee3b41 22912 quassel_0.12.4-2+deb9u1.debian.tar.xz Checksums-Sha256: c93fa1f6869b0e0e8cef3c5ac43f576fff3a791abb94c8c95b2f8a5b90cc54b7 2697 quassel_0.12.4-2+deb9u1.dsc 93e4e54cb3743cbe2e5684c2fcba94fd2bc2cd739f7672dee14341b49c29444d 3742639 quassel_0.12.4.orig.tar.bz2 b22fea9cb072146f185b2b186eaad092fdcdd360e2ece3ba91f31035e38ece8e 22912 quassel_0.12.4-2+deb9u1.debian.tar.xz Files: e387c704709fe34d11808a81036ccfa9 2697 net optional quassel_0.12.4-2+deb9u1.dsc 56abcde46decc5e341888a05189cece3 3742639 net optional quassel_0.12.4.orig.tar.bz2 ca24e059306edf0d810f3e5e2071b8b0 22912 net optional quassel_0.12.4-2+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAlroHggACgkQ/iLG/YMT XUV9WxAAr2LX2/xqCCjwUOn4WEoubKdyN7CxIyb34JAXTor1r/LAvv4C+68yNcov VzTAb9zLL2gjw4lzhKteWwnAgUhnevrALmTvJnpiaB+VCT4kltkBLDLpF0igKCsb Yh1mzYglZRTEoSBYXdx15yEtVuBeHfgpJy76qw9ER/hCRip/gaCQSnP9BcGI2xsg y1z9U7IDKGEaqtzxv5Ppbz7uQ2WfvQFMJr4uaDk+J7XGQP3zcp51ewg6bzQwMbKW xKf1E3SeRYDck5swS+hgKR8EOztmiUJFJxW2hByZOM3/gnWHrIzQHrYdtBU0szv1 jfe7VRPysrKPwVeMQxTAwZuc9m7lCd+zgxyY2wfsTmGn6zjsoOJD5vF39c3ruC3Y 3sd2cfbOaP42XUQ7YMIR6Hx07EGJa2Xqwyah+gxw3H39GMb+sn0ayyBnjae9qzgm Nd/gZM8imb5JZlnz0IHBnjD5ymwPjvgaJm8OUnBd7dlRF2P8F/pDgE4VSlKHWhDZ GXVMEzv1up1/bShj+0xQhRY8jsBbf0Nzxyee4PXgwzwY7sVdh2fFtYacGaVVb6TK c6ILJOxYWa3IBvD2hYmcEEXkzJYBZfogbtdjMKCfQGdOiv5mbV5zk8KJXqcAxNed wwvDlqKL5y7pV2TUXKkr2sxy5qOKxBkXxok+oNW6awT6XjLJ+gM= =6Ehd -----END PGP SIGNATURE-----
--- End Message ---
