-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: quassel
Version: 0.10.0-2
Severity: important
Tags: security, fixed-upstream

https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
http://bugs.quassel-irc.org/issues/1314

"""
 Check for invalid input in encrypted buffers

 The ECB Blowfish decryption function assumed that encrypted input would
 always come in blocks of 12 characters, as specified. However, buggy
 clients or annoying people may not adhere to that assumption, causing
 the core to crash while trying to process the invalid base64 input.

 With this commit we make sure that we're not overstepping the bounds of
 the input string while decoding it; instead we bail out early and display
 the original input. Fixes #1314.

 Thanks to Tucos for finding that one!
"""

- ---
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlROCigACgkQXf6hBi6kbk9F7wCgiMXj+fPrji5W3ABkpGicRfhV
ioIAn3hTgwWppPDKcDBngyjSrUrU1FmO
=K8h6
-----END PGP SIGNATURE-----
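
Added example, not part of the original report and not Quassel's code: a strict pre-decode check, in C++, for the 12-character blocks the commit message describes. The alphabet and word order follow the FiSH convention and are assumptions (the report only says "base64"). The function names are hypothetical, and the Blowfish step is left out.

```cpp
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <string>

// Assumption: FiSH-style alphabet; the report itself only says "base64".
static const std::string kAlphabet =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

// Decode 6 characters starting at pos into one 32-bit word.
// The caller guarantees pos + 6 <= in.size(). Returns false on a
// character outside the alphabet.
static bool decodeWord(const std::string &in, std::size_t pos, uint32_t &word) {
    word = 0;
    for (std::size_t i = 0; i < 6; ++i) {
        std::size_t idx = kAlphabet.find(in[pos + i]);
        if (idx == std::string::npos) return false;
        word |= static_cast<uint32_t>(idx) << (6 * i);
    }
    return true;
}

// Hypothetical helper: turn the text into ciphertext bytes for ECB
// decryption. Returns false, leaving out empty, unless the input is a whole
// number of valid 12-character blocks.
bool decodeBlocks(const std::string &in, std::string &out) {
    out.clear();
    if (in.empty() || in.size() % 12 != 0) return false;  // length check first
    std::string bytes;
    for (std::size_t pos = 0; pos < in.size(); pos += 12) {
        uint32_t right = 0, left = 0;  // assumed order: right word, then left
        if (!decodeWord(in, pos, right) || !decodeWord(in, pos + 6, left))
            return false;
        for (uint32_t w : {left, right})  // emit each word big-endian
            for (int shift = 24; shift >= 0; shift -= 8)
                bytes.push_back(static_cast<char>((w >> shift) & 0xFF));
    }
    out = bytes;
    return true;
}
```

When decodeBlocks() returns false, the caller skips decryption and shows the received text as-is, which is the bail-out behaviour the commit message describes.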

