This bug was fixed in the package quassel - 0.10.0-0ubuntu2.3 --------------- quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium
* SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream (LP: #1767539) - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE-2018-1000178 * SECURITY UPDATE: quasselcore, denial of service for unconfigured core (LP: #1767539) - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE-2018-1000179 -- Scott Kitterman <sc...@kitterman.com> Fri, 27 Apr 2018 20:25:50 -0400 ** Changed in: quassel (Ubuntu Trusty) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2018-1000178 ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2018-1000179 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1767539 Title: Security fixes from 0.12.5 require backfit to earlier releases To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs