[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Changed in: quassel (Ubuntu) Assignee: Simon Quigley (tsimonq2) => (unassigned)
** Changed in: quassel (Ubuntu Cosmic) Assignee: Simon Quigley (tsimonq2) => (unassigned)
** Changed in: quassel (Ubuntu Bionic) Assignee: Simon Quigley (tsimonq2) => (unassigned)

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** No longer affects: quassel (Ubuntu Artful)
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Tags added: community-security

--
You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to quassel in Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

--
kubuntu-bugs mailing list
kubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Changed in: quassel (Ubuntu Xenial) Assignee: Simon Quigley (tsimonq2) => (unassigned)
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
This bug was fixed in the package quassel - 1:0.12.5-2ubuntu1

---
quassel (1:0.12.5-2ubuntu1) cosmic; urgency=high

  * Merge from Debian Sid (LP: #1767539). Remaining changes:
    - Dropping of (different) transitional packages since 16.04 LTS released.
    - Apparmor profile.
    - Ufw profile.
    - Change the default channel to #lubuntu.

quassel (1:0.12.5-2) unstable; urgency=high

  * Build-depend on qtwebengine5-dev only for archs where it's available.

quassel (1:0.12.5-1) unstable; urgency=high

  * New upstream release.
    - Fixes a deserialization security vulnerability.
    - Fixes a DoS while quassel is starting up.
  * Drop Fix_the_ssl_check_with_Qt_5.6_and_gcc_5.patch, applied upstream.
  * Build against Qt WebEngine instead of QtWebKit, following upstream.
  * Move git repo to salsa.debian.org

 -- Simon Quigley  Sun, 13 May 2018 19:52:22 -0500

** Changed in: quassel (Ubuntu Cosmic) Status: Confirmed => Fix Released
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
Uploaded a merge from Debian to Cosmic fixing this: https://launchpad.net/ubuntu/+source/quassel/1:0.12.5-2ubuntu1
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Also affects: quassel (Ubuntu Cosmic) Importance: High Assignee: Simon Quigley (tsimonq2) Status: Confirmed
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
Please re-subscribe ubuntu-security-sponsors when further updates are attached. Thanks.
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Changed in: quassel (Debian) Status: Confirmed => Fix Released
Re: [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
On Thu, May 03, 2018 at 04:21:35AM -, Scott Kitterman wrote:
> On Wednesday, May 02, 2018 07:27:36 AM you wrote:
> > Thanks Scott. I've gone ahead and built this package in the
> > https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ;
> > given the large amount of code around the introduced deserializer, I'd
> > like to see a successful test report before publishing to
> > trusty-security.
>
> I'm running a patched version now. The same patch has been released by
> Debian.

Scott, thanks for the feedback. Publishing now.
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
This bug was fixed in the package quassel - 0.10.0-0ubuntu2.3

---
quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
    qdatastream (LP: #1767539)
    - debian/patches/Implement_custom_deserializer.patch: Original patch
      from upstream 0.12.5 release, adapted for non-C++ 11 systems by
      Felix Geyer
    - CVE-2018-1000178
  * SECURITY UPDATE: quasselcore, denial of service for unconfigured core
    (LP: #1767539)
    - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is_configured.patch:
      Original patch from upstream 0.12.5 release, adapted for non-C++ 11
      systems by Felix Geyer
    - CVE-2018-1000179

 -- Scott Kitterman  Fri, 27 Apr 2018 20:25:50 -0400

** Changed in: quassel (Ubuntu Trusty) Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000178
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000179
Re: [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
On Wednesday, May 02, 2018 07:27:36 AM you wrote:
> Thanks Scott. I've gone ahead and built this package in the
> https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ;
> given the large amount of code around the introduced deserializer, I'd
> like to see a successful test report before publishing to
> trusty-security.

I'm running a patched version now. The same patch has been released by Debian.

Scott K
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
Thanks Scott. I've gone ahead and built this package in the https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ; given the large amount of code around the introduced deserializer, I'd like to see a successful test report before publishing to trusty-security.

Thanks again!
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Changed in: quassel (Ubuntu Trusty) Assignee: Scott Kitterman (kitterman) => Steve Beattie (sbeattie)
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
Thanks Scott! Subscribing the security sponsors.

** Changed in: quassel (Ubuntu Xenial) Status: New => Confirmed
** Changed in: quassel (Ubuntu Bionic) Status: New => Confirmed
** Changed in: quassel (Ubuntu Artful) Status: New => Confirmed
** Changed in: quassel (Ubuntu Trusty) Importance: Undecided => High
** Changed in: quassel (Ubuntu Trusty) Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: quassel (Ubuntu Artful) Importance: Undecided => High
** Changed in: quassel (Ubuntu Bionic) Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: quassel (Ubuntu Xenial) Importance: Undecided => High
** Changed in: quassel (Ubuntu Bionic) Importance: Undecided => High
** Changed in: quassel (Ubuntu Xenial) Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: quassel (Ubuntu Artful) Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: quassel (Ubuntu Trusty) Assignee: Simon Quigley (tsimonq2) => Scott Kitterman (kitterman)
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Changed in: quassel (Debian) Status: Unknown => Confirmed
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Bug watch added: Debian Bug tracker #896914 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914
** Also affects: quassel (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914 Importance: Unknown Status: Unknown
[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Tags added: patch