[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** No longer affects: quassel (Ubuntu Artful) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1767539 Title: Security fixes from 0.12.5 require backfit to earlier releases Status in quassel package in Ubuntu: Fix Released Status in quassel source package in Trusty: Fix Released Status in quassel source package in Xenial: Confirmed Status in quassel source package in Bionic: Confirmed Status in quassel source package in Cosmic: Fix Released Status in quassel package in Debian: Fix Released Bug description: A recent upstream release contains two security fixes. All supported Ubuntu releases are affected. * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream * SECURITY UPDATE: quasselcore, denial of service for unconfigure core - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream I'll be attaching a debdiff for Trusty, but not later releases as that is the only Ubuntu release I still have an interest in. Note that the debian/changelog doesn't have the LP bug number in it since I haven't filed it yet. The trusty fix is based on the Debian patches for Jessie (Debian 8): https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie I'm running the fixed version now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
This bug was fixed in the package quassel - 1:0.12.5-2ubuntu1 --- quassel (1:0.12.5-2ubuntu1) cosmic; urgency=high * Merge from Debian Sid (LP: #1767539). Remaining changes: - Dropping of (different) transitional packages since 16.04 LTS released. - Apparmor profile. - Ufw profile. - Change the default channel to #lubuntu. quassel (1:0.12.5-2) unstable; urgency=high * Build-depend on qtwebengine5-dev only for archs where it's available. quassel (1:0.12.5-1) unstable; urgency=high * New upstream release. - Fixes a deserialization security vulnerability. - Fixes a DoS while quassel is starting up. * Drop Fix_the_ssl_check_with_Qt_5.6_and_gcc_5.patch, applied upstream. * Build against Qt WebEngine instead of QtWebKit, following upstream. * Move git repo to salsa.debian.org -- Simon Quigley Sun, 13 May 2018 19:52:22 -0500 ** Changed in: quassel (Ubuntu Cosmic) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1767539 Title: Security fixes from 0.12.5 require backfit to earlier releases Status in quassel package in Ubuntu: Fix Released Status in quassel source package in Trusty: Fix Released Status in quassel source package in Xenial: Confirmed Status in quassel source package in Artful: Confirmed Status in quassel source package in Bionic: Confirmed Status in quassel source package in Cosmic: Fix Released Status in quassel package in Debian: Fix Released Bug description: A recent upstream release contains two security fixes. All supported Ubuntu releases are affected. * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream * SECURITY UPDATE: quasselcore, denial of service for unconfigure core - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream I'll be attaching a debdiff for Trusty, but not later releases as that is the only Ubuntu release I still have an interest in. Note that the debian/changelog doesn't have the LP bug number in it since I haven't filed it yet. The trusty fix is based on the Debian patches for Jessie (Debian 8): https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie I'm running the fixed version now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Also affects: quassel (Ubuntu Cosmic) Importance: High Assignee: Simon Quigley (tsimonq2) Status: Confirmed -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1767539 Title: Security fixes from 0.12.5 require backfit to earlier releases Status in quassel package in Ubuntu: Confirmed Status in quassel source package in Trusty: Fix Released Status in quassel source package in Xenial: Confirmed Status in quassel source package in Artful: Confirmed Status in quassel source package in Bionic: Confirmed Status in quassel source package in Cosmic: Confirmed Status in quassel package in Debian: Fix Released Bug description: A recent upstream release contains two security fixes. All supported Ubuntu releases are affected. * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream * SECURITY UPDATE: quasselcore, denial of service for unconfigure core - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream I'll be attaching a debdiff for Trusty, but not later releases as that is the only Ubuntu release I still have an interest in. Note that the debian/changelog doesn't have the LP bug number in it since I haven't filed it yet. The trusty fix is based on the Debian patches for Jessie (Debian 8): https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie I'm running the fixed version now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Changed in: quassel (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1767539 Title: Security fixes from 0.12.5 require backfit to earlier releases Status in quassel package in Ubuntu: Confirmed Status in quassel source package in Trusty: Fix Released Status in quassel source package in Xenial: Confirmed Status in quassel source package in Artful: Confirmed Status in quassel source package in Bionic: Confirmed Status in quassel package in Debian: Fix Released Bug description: A recent upstream release contains two security fixes. All supported Ubuntu releases are affected. * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream * SECURITY UPDATE: quasselcore, denial of service for unconfigure core - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream I'll be attaching a debdiff for Trusty, but not later releases as that is the only Ubuntu release I still have an interest in. Note that the debian/changelog doesn't have the LP bug number in it since I haven't filed it yet. The trusty fix is based on the Debian patches for Jessie (Debian 8): https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie I'm running the fixed version now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
This bug was fixed in the package quassel - 0.10.0-0ubuntu2.3 --- quassel (0.10.0-0ubuntu2.3) trusty-security; urgency=medium * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream (LP: #1767539) - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE-2018-1000178 * SECURITY UPDATE: quasselcore, denial of service for unconfigured core (LP: #1767539) - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE-2018-1000179 -- Scott Kitterman Fri, 27 Apr 2018 20:25:50 -0400 ** Changed in: quassel (Ubuntu Trusty) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2018-1000178 ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2018-1000179 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1767539 Title: Security fixes from 0.12.5 require backfit to earlier releases Status in quassel package in Ubuntu: Confirmed Status in quassel source package in Trusty: Fix Released Status in quassel source package in Xenial: Confirmed Status in quassel source package in Artful: Confirmed Status in quassel source package in Bionic: Confirmed Status in quassel package in Debian: Confirmed Bug description: A recent upstream release contains two security fixes. All supported Ubuntu releases are affected. * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream * SECURITY UPDATE: quasselcore, denial of service for unconfigure core - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream I'll be attaching a debdiff for Trusty, but not later releases as that is the only Ubuntu release I still have an interest in. Note that the debian/changelog doesn't have the LP bug number in it since I haven't filed it yet. The trusty fix is based on the Debian patches for Jessie (Debian 8): https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie I'm running the fixed version now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1767539] Re: Security fixes from 0.12.5 require backfit to earlier releases
** Bug watch added: Debian Bug tracker #896914 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914 ** Also affects: quassel (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896914 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1767539 Title: Security fixes from 0.12.5 require backfit to earlier releases Status in quassel package in Ubuntu: New Status in quassel source package in Trusty: Confirmed Status in quassel source package in Xenial: New Status in quassel source package in Artful: New Status in quassel source package in Bionic: New Status in quassel package in Debian: Unknown Bug description: A recent upstream release contains two security fixes. All supported Ubuntu releases are affected. * SECURITY UPDATE: quasselcore, corruption of heap metadata caused by qdatastream - debian/patches/Implement_custom_deserializer.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream * SECURITY UPDATE: quasselcore, denial of service for unconfigure core - debian/patches/Reject_clients_that_attempt_to_login_before_the_core_is _configured.patch: Original patch from upstream 0.12.5 release, adapted for non-C++ 11 systems by Felix Geyer - CVE requested by upstream I'll be attaching a debdiff for Trusty, but not later releases as that is the only Ubuntu release I still have an interest in. Note that the debian/changelog doesn't have the LP bug number in it since I haven't filed it yet. The trusty fix is based on the Debian patches for Jessie (Debian 8): https://salsa.debian.org/qt-kde-team/kde-extras/quassel/tree/jessie I'm running the fixed version now. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1767539/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
