[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Simon Quigley]

** Changed in: quassel (Ubuntu)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Changed in: quassel (Ubuntu Cosmic)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Changed in: quassel (Ubuntu Bionic)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Simon Quigley]

** No longer affects: quassel (Ubuntu Artful)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Simon Quigley]

** Tags added: community-security

-- 
You received this bug notification because you are a member of Kubuntu
Bugs, which is subscribed to quassel in Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
kubuntu-bugs mailing list
kubuntu-b...@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Simon Quigley]

** Changed in: quassel (Ubuntu Xenial)
 Assignee: Simon Quigley (tsimonq2) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Launchpad Bug Tracker]

This bug was fixed in the package quassel - 1:0.12.5-2ubuntu1

---
quassel (1:0.12.5-2ubuntu1) cosmic; urgency=high

  * Merge from Debian Sid (LP: #1767539). Remaining changes:
- Dropping of (different) transitional packages since 16.04 LTS released.
- Apparmor profile.
- Ufw profile.
- Change the default channel to #lubuntu.

quassel (1:0.12.5-2) unstable; urgency=high

  * Build-depend on qtwebengine5-dev only for archs where it's
available.

quassel (1:0.12.5-1) unstable; urgency=high

  * New upstream release.
- Fixes a deserialization security vulnerability.
- Fixes a DoS while quassel is starting up.
  * Drop Fix_the_ssl_check_with_Qt_5.6_and_gcc_5.patch, applied upstream.
  * Build against Qt WebEngine instead of QtWebKit, following upstream.
  * Move git repo to salsa.debian.org

 -- Simon Quigley   Sun, 13 May 2018 19:52:22 -0500

** Changed in: quassel (Ubuntu Cosmic)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Simon Quigley]

Uploaded a merge from Debian to Cosmic fixing this:
https://launchpad.net/ubuntu/+source/quassel/1:0.12.5-2ubuntu1

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Simon Quigley]

** Also affects: quassel (Ubuntu Cosmic)
   Importance: High
 Assignee: Simon Quigley (tsimonq2)
   Status: Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Seth Arnold]

Please re-subscribe ubuntu-security-sponsors when further updates are
attached. Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Bug Watch Updater]

** Changed in: quassel (Debian)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Steve Beattie]

On Thu, May 03, 2018 at 04:21:35AM -, Scott Kitterman wrote:
> On Wednesday, May 02, 2018 07:27:36 AM you wrote:
> > Thanks Scott. I've gone ahead and built this package in the
> > https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ;
> > given the large amount of code around the introduced deserializer, I'd
> > like to see a successful test report before publishing to trusty-
> > security.
> 
> I'm running a patched version now.  The same patch has been released by 
> Debian.

Scott, thanks for the feedback. Publishing now.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Launchpad Bug Tracker]

This bug was fixed in the package quassel - 0.10.0-0ubuntu2.3

---
quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
qdatastream (LP: #1767539)
- debian/patches/Implement_custom_deserializer.patch: Original patch from
  upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer
- CVE-2018-1000178
  * SECURITY UPDATE: quasselcore, denial of service for unconfigured core
(LP: #1767539)
- debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is
  _configured.patch: Original patch from upstream 0.12.5 release, adapted
  for non-C++ 11 systems by Felix Geyer
- CVE-2018-1000179

 -- Scott Kitterman   Fri, 27 Apr 2018 20:25:50
-0400

** Changed in: quassel (Ubuntu Trusty)
   Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000178

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000179

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Scott Kitterman]

On Wednesday, May 02, 2018 07:27:36 AM you wrote:
> Thanks Scott. I've gone ahead and built this package in the
> https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ;
> given the large amount of code around the introduced deserializer, I'd
> like to see a successful test report before publishing to trusty-
> security.

I'm running a patched version now.  The same patch has been released by 
Debian.

Scott K

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Steve Beattie]

Thanks Scott. I've gone ahead and built this package in the
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ;
given the large amount of code around the introduced deserializer, I'd
like to see a successful test report before publishing to trusty-
security.

Thanks again!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Steve Beattie]

** Changed in: quassel (Ubuntu Trusty)
 Assignee: Scott Kitterman (kitterman) => Steve Beattie (sbeattie)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Simon Quigley]

Thanks Scott!

Subscribing the security sponsors.

** Changed in: quassel (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: quassel (Ubuntu Bionic)
   Status: New => Confirmed

** Changed in: quassel (Ubuntu Artful)
   Status: New => Confirmed

** Changed in: quassel (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: quassel (Ubuntu Trusty)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: quassel (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: quassel (Ubuntu Bionic)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: quassel (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: quassel (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: quassel (Ubuntu Xenial)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: quassel (Ubuntu Artful)
 Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: quassel (Ubuntu Trusty)
 Assignee: Simon Quigley (tsimonq2) => Scott Kitterman (kitterman)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Bug Watch Updater]

** Changed in: quassel (Debian)
   Status: Unknown => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Scott Kitterman]

** Bug watch added: Debian Bug tracker #896914
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914

** Also affects: quassel (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases

[Ubuntu Foundations Team Bug Bot]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539

Title:
  Security fixes from 0.12.5 require backfit to earlier releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs