This bug was fixed in the package quassel - 0.10.0-0ubuntu2.3
---------------
quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium
* SECURITY UPDATE: quasselcore, corruption of heap metadata caused by
qdatastream (LP: #1767539)
- debian/patches/Implement_custom_deserializer.patch: Original patch from
upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer
- CVE-2018-1000178
* SECURITY UPDATE: quasselcore, denial of service for unconfigured core
(LP: #1767539)
- debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is
_configured.patch: Original patch from upstream 0.12.5 release, adapted
for non-C++ 11 systems by Felix Geyer
- CVE-2018-1000179
-- Scott Kitterman <sc...@kitterman.com> Fri, 27 Apr 2018 20:25:50
-0400
** Changed in: quassel (Ubuntu Trusty)
Status: Confirmed => Fix Released
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000178
** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2018-1000179
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767539
Title:
Security fixes from 0.12.5 require backfit to earlier releases
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
