CVE-2014-8483

Published: 29 October 2014

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

Priority

Status

Package	Release	Status
konversation Launchpad, Ubuntu, Debian	lucid	Released (1.2.3-1ubuntu2.1)
	precise	Released (1.4-1ubuntu2.1)
	trusty	Released (1.5-1ubuntu1.14.04.1)
	upstream	Released (1.5.1)
	utopic	Released (1.5-1ubuntu1.14.10.1)
quassel Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (0.8.0-0ubuntu1.2)
	trusty	Released (0.10.0-0ubuntu2.1)
	upstream	Needs triage
	utopic	Released (0.10.1-0ubuntu1.1)
	Patches: upstream: https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138

References

https://www.kde.org/info/security/advisory-20141104-1.txt
https://ubuntu.com/security/notices/USN-2401-1
https://www.cve.org/CVERecord?id=CVE-2014-8483
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766962 (quassel)
http://bugs.quassel-irc.org/issues/1314
https://bugs.kde.org/show_bug.cgi?id=210792
https://bugs.launchpad.net/ubuntu/+source/konversation/+bug/1389296
https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/1388333

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›