Accepted kvirc 2:3.2.0-5ubuntu1.1 (source)

Ubuntu Installer archive at ubuntu.com
Wed Jul 4 09:55:14 BST 2007


Accepted:
 OK: kvirc_3.2.0.orig.tar.gz
 OK: kvirc_3.2.0-5ubuntu1.1.diff.gz
 OK: kvirc_3.2.0-5ubuntu1.1.dsc
     -> Component: universe Section: net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 02 Jul 2007 13:14:30 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: source
Version: 2:3.2.0-5ubuntu1.1
Distribution: dapper-security
Urgency: low
Maintainer: Robin Verduijn <robin at debian.org>
Changed-By: Richard A. Johnson <nixternal at ubuntu.com>
Description: 
 kvirc      - KDE based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dev  - Development files for KVIrc
Changes: 
 kvirc (2:3.2.0-5ubuntu1.1) dapper-security; urgency=low
 .
   * SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
     when building the command for KVIrc's internet script system. This can
     be exploited to inject and execute commands for the KVIrc script system
     (including the "run" command, which can be leveraged to execute shell
     commands) by e.g. tricking a user into opening a specially crafted
     "irc://" or similar URI.
   * Add debian/patches/09_parseIrcUrl_security_fix.patch: propery sanitizes
     URI strings, as done in upstream SVN. (Fixes LP: #123037)
   * References:
     - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
     - http://secunia.com/secunia_research/2007-56/advisory/
     - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
     - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
Files: 
 4299010085649c80dedcb0e17c748c40 672 net optional kvirc_3.2.0-5ubuntu1.1.dsc
 11329dcbfc0128808671579634090b68 50003 net optional kvirc_3.2.0-5ubuntu1.1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGir3QH/9LqRcGPm0RAr/pAJ951lCQNho9cAhoJGChu5ans+m4aACeIxet
U/Z4m1aI/TOoFc6EE3/ggXo=
=qsM2
-----END PGP SIGNATURE-----





More information about the dapper-changes mailing list