*** This bug is a security vulnerability *** Public security bug reported:
https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138 > Check for invalid input in encrypted buffers > > The ECB Blowfish decryption function assumed that encrypted input would > always come in blocks of 12 characters, as specified. However, buggy > clients or annoying people may not adhere to that assumption, causing > the core to crash while trying to process the invalid base64 input. ** Affects: quassel (Ubuntu) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-8483 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1388333 Title: CVE-2014-8483: out-of-bounds read in ECB Blowfish decryption To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1388333/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
