PublicDateAtUSN: 2011-09-09
Candidate: CVE-2011-3354
PublicDate: 2011-10-04 10:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3354
 http://www.openwall.com/lists/oss-security/2011/09/08/7
 https://ubuntu.com/security/notices/USN-1200-1
Description:
 The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before
 0.7.3 allows remote attackers to cause a denial of service (crash) via a
 crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the
 wild in September 2011.
Ubuntu-Description:
Notes:
 jdstrand> remote DoS being actively exploited
 jdstrand> CVE requested on oss-security
Bugs:
 https://bugs.launchpad.net/ubuntu/oneiric/+source/quassel/+bug/845707
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS: 

Patches_quassel:
 other: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
upstream_quassel: released (0.7.3)
hardy_quassel: DNE
lucid_quassel: released (0.6.1-0ubuntu1.2)
maverick_quassel: released (0.7.1-0ubuntu1.1)
natty_quassel: released (0.7.2-0ubuntu2.2)
devel_quassel: not-affected (0.7.3-0ubuntu1)