Your message dated Mon, 07 May 2018 11:35:55 +0000
with message-id <e1ffeqt-000j3q...@fasolo.debian.org>
and subject line Bug#896914: fixed in quassel 1:0.10.0-2.3+deb8u4
has caused the Debian Bug report #896914,
regarding quassel: CVE-2018-1000178: Implement custom deserializer to add our own sanity checks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
896914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: quassel
Version: 1:0.12.4-1
Severity: normal
Tags: patch security upstream
Control: fixed -1 1:0.12.5-1

Hi Felix,

Filing this as a bug to have an identifier, since no CVE has been
assigned.

https://www.quassel-irc.org/node/130

Commit "Implement custom deserializer to add our own sanity checks":

https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: quassel
Source-Version: 1:0.10.0-2.3+deb8u4

We believe that the bug you reported is fixed in the latest version of
quassel, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 896...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated quassel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 Apr 2018 11:54:10 +0200
Source: quassel
Binary: quassel-core quassel-client quassel quassel-data quassel-client-kde4 quassel-kde4 quassel-data-kde4
Architecture: source amd64 all
Version: 1:0.10.0-2.3+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Thomas Mueller <thomas.muel...@tmit.eu>
Changed-By: Felix Geyer <fge...@debian.org>
Description:
 quassel    - distributed IRC client - Qt-based monolithic core+client
 quassel-client - distributed IRC client - Qt-based client component
 quassel-client-kde4 - distributed IRC client - KDE-based client
 quassel-core - distributed IRC client - core component
 quassel-data - distributed IRC client - shared data (Qt version)
 quassel-data-kde4 - distributed IRC client - shared data (KDE4 version)
 quassel-kde4 - distributed IRC client - KDE-based monolithic core+client
Closes: 896914 896915
Changes:
 quassel (1:0.10.0-2.3+deb8u4) jessie-security; urgency=high
 .
   * Backport upstream commit to implement a custom deserializer.
     Fixes possible remote code execution. (Closes: #896914)
   * Backport upstream commit to reject client logins before the core is
     configured. Fixes a DoS vulnerability. (Closes: #896915)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
