CVE-2013-1769
Published: 28 February 2013
A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message.
Notes
Author | Note |
---|---|
jdstrand | remotely trigged DoS in client software, arguably of 'low' priority |
mdeslaur | upstream bug 57521 contains another crasher fix. |
Priority
Status
Package | Release | Status |
---|---|---|
telepathy-gabble Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Released
(0.16.0-0ubuntu3.1)
|
|
quantal |
Released
(0.16.1-2ubuntu0.1)
|
|
raring |
Not vulnerable
(0.16.5-0ubuntu1)
|
|
upstream |
Released
(0.16.5,0.17.3)
|
|
Patches: upstream: http://cgit.freedesktop.org/telepathy/telepathy-gabble/commit/?id=0d908c122903a384882eff7de0e9ec6d6058d661 upstream: http://cgit.freedesktop.org/telepathy/telepathy-gabble/commit/?id=3b10a7f1b0fcb728210eb12231df8b1a4c289c3b upstream: http://cgit.freedesktop.org/wocky/commit/?id=099f5b1c7119d2d7d81970958fc8b8d19e3fc5e8 upstream: http://cgit.freedesktop.org/wocky/commit/?id=3e17bf71aa47e7fe52c7053ec5cf44836cf5bd03 upstream: http://cgit.freedesktop.org/wocky/commit/?id=565f2ed54f53adc7bd6793a0e746ceb349843408 |