
Bug 338879 (CVE-2010-3443)

Summary: <net-irc/quassel-{0.6.3,0.7.1}: Denial of Service Vulnerability (CVE-2010-3443)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: patrick, proxy-maint
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.quassel-irc.org/?p=quassel.git;a=commitdiff;h=a4ca568cdf68cf4a0343eb161518dc8e50cea87d
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-09-27 06:30:15 UTC
From $url:

 If we receive multiple CTCP requests in one PRIVMSG we now answer with
 one packed NOTICE containing all CTCP replies. This fixes a possible
 DoS Attack rendering Quassel's IRC connection useless. Upgrading is
 strongly recommended. Thanks to Jima for reporting and supporting.

Fixed software is already in the tree, and vulnerable code has already been removed. This bug is for GLSA tracking only.
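
The reply packing described in the quoted commit message, as an added example that is not Quassel's code and not part of the original report. It contrasts one NOTICE per CTCP request (assumed here to be the pre-fix behaviour, inferred from the word "now") with a single packed NOTICE; the handler table, function names and sample message are hypothetical.

```python
CTCP_DELIM = "\x01"

# Hypothetical reply table; the version string is a constructed placeholder.
HANDLERS = {
    "PING": lambda arg: arg,  # echo the caller's token
    "VERSION": lambda arg: "example-client 0.0",
}

def extract_ctcp(text):
    # After splitting on the delimiter, odd-indexed chunks follow an opening \x01.
    requests = []
    for chunk in text.split(CTCP_DELIM)[1::2]:
        if chunk:
            cmd, _, arg = chunk.partition(" ")
            requests.append((cmd.upper(), arg))
    return requests

def build_replies(requests):
    replies = []
    for cmd, arg in requests:
        handler = HANDLERS.get(cmd)
        if handler is not None:  # unknown commands get no reply
            body = f"{cmd} {handler(arg)}".rstrip()
            replies.append(CTCP_DELIM + body + CTCP_DELIM)
    return replies

def answer_per_request(nick, text):
    # One outbound line per request: output grows with the request count.
    return [f"NOTICE {nick} :{r}" for r in build_replies(extract_ctcp(text))]

def answer_packed(nick, text):
    # All replies in one NOTICE: at most one outbound line per inbound PRIVMSG.
    replies = build_replies(extract_ctcp(text))
    return [f"NOTICE {nick} :{''.join(replies)}"] if replies else []

# Constructed PRIVMSG body carrying several CTCP requests, one of them unknown.
SAMPLE = "\x01PING 1\x01\x01VERSION\x01\x01PING 2\x01\x01FOO\x01"

if __name__ == "__main__":
    print(len(answer_per_request("alice", SAMPLE)), "lines unpacked")
    print(len(answer_packed("alice", SAMPLE)), "line packed")
```

The sketch does not enforce the IRC line-length limit; a real client also has to keep the packed NOTICE within it.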
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-09-30 20:58:17 UTC
GLSA Vote: Yes, unassisted remote DoS.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-10-27 11:07:30 UTC
YES too, request filed.
Comment 3 Keshav Kini 2012-10-23 23:52:22 UTC
Ping.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-11-07 01:53:41 UTC
This issue was resolved and addressed in
 GLSA 201311-03 at http://security.gentoo.org/glsa/glsa-201311-03.xml
by GLSA coordinator Sean Amoss (ackle).