Advisories » MGASA-2015-0147

Updated quassel packages fix security vulnerabilities

Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2778 , CVE-2015-2779

Description

Updated quassel packages fix security vulnerabilities:

Quassel could crash when receiving an overlength CTCP query containing only
multibyte characters (CVE-2015-2778).

Quassel could incorrectly split a message in the middle of a multibyte
character, leading to a denial of service (CVE-2015-2779).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15544
• http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2778
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2779

SRPMS

4/core

• quassel-0.9.2-1.2.mga4