[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#641062: pu: package quassel/0.6.3-2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

A security issue within quassel was reported:
http://security-tracker.debian.org/tracker/TEMP-0640960-84D05E

The quassel chat server can crash in case of some requests:
http://bugs.quassel-irc.org/issues/1095

This issue has been discussed with SecurityTeam on IRC with pabs.
We agreed to do a regular stable upload as the criticality is not that high.

Upstream provided a fix with 0.7.3, which has already been accepted in unstable.
Backport of the fix to 0.6.3 has been finished and is ready for upload to stable.

Please find the debdiff attached.

Let me know as soon as it's okay for you to perform an upload .


Thanks alot,

Thomas


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
diff -Nru quassel-0.6.3/debian/changelog quassel-0.6.3/debian/changelog
--- quassel-0.6.3/debian/changelog	2010-10-08 12:27:30.000000000 +0000
+++ quassel-0.6.3/debian/changelog	2011-09-09 20:31:57.000000000 +0000
@@ -1,3 +1,9 @@
+quassel (0.6.3-2+squeeze1) stable; urgency=low
+
+  * Fixing security issue: ctcp DoS (Closes: #640960)
+
+ -- Thomas Mueller <thomas.mueller@tmit.eu>  Fri, 09 Sep 2011 20:30:15 +0000
+
 quassel (0.6.3-2) testing; urgency=low
 
   * correct order of changelog entries
diff -Nru quassel-0.6.3/debian/patches/02_fix_ctcp_dos.patch quassel-0.6.3/debian/patches/02_fix_ctcp_dos.patch
--- quassel-0.6.3/debian/patches/02_fix_ctcp_dos.patch	1970-01-01 00:00:00.000000000 +0000
+++ quassel-0.6.3/debian/patches/02_fix_ctcp_dos.patch	2011-09-09 21:23:40.000000000 +0000
@@ -0,0 +1,28 @@
+Description: Backported fix of ctcp DoS
+ Upstream fixed this issue with 0.7.3
+ This is the backported fix
+Origin: backport, http://bugs.quassel-irc.org/projects/quassel-irc/repository/revisions/da215fcb9cd3096a3e223c87577d5d4ab8f8518b/diff/src/core/ctcpparser.cpp
+Author: Manuel Nickschas <sput@quassel-irc.org>
+Bug-Debian: http://bugs.debian.org/640960
+Bug: http://bugs.quassel-irc.org/issues/1095
+Last-Update: 2011-09-09
+--- quassel-0.6.3/src/core/ctcphandler.cpp	2011-09-09 22:48:43.000000000 +0200
++++ quassel-0.6.3+squeeze1/src/core/ctcphandler.cpp	2011-09-09 22:58:45.000000000 +0200
+@@ -198,13 +198,10 @@
+     answerSize += replies.at(i).size();
+   }
+ 
+-  QByteArray quotedReply(answerSize, 0);
+-  int nextPos = 0;
+-  QByteArray &reply = quotedReply;
++  QByteArray quotedReply;
++  quotedReply.reserve(answerSize);
+   for(int i = 0; i < replies.count(); i++) {
+-    reply = replies.at(i);
+-    quotedReply.replace(nextPos, reply.size(), reply);
+-    nextPos += reply.size();
++    quotedReply.append(replies.at(i));
+   }
+ 
+   params << serverEncode(bufname) << quotedReply;
+
diff -Nru quassel-0.6.3/debian/patches/series quassel-0.6.3/debian/patches/series
--- quassel-0.6.3/debian/patches/series	2010-09-21 18:16:29.000000000 +0000
+++ quassel-0.6.3/debian/patches/series	2011-09-09 21:24:20.000000000 +0000
@@ -1 +1,2 @@
 01_default_network_channel.patch
+02_fix_ctcp_dos.patch

Reply to: