Accepted kvirc 2:3.2.4-3ubuntu1.1 (source)

Ubuntu Installer archive at ubuntu.com
Wed Jul 4 09:55:29 BST 2007


Accepted:
 OK: kvirc_3.2.4.orig.tar.gz
 OK: kvirc_3.2.4-3ubuntu1.1.diff.gz
 OK: kvirc_3.2.4-3ubuntu1.1.dsc
     -> Component: universe Section: net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 02 Jul 2007 13:12:22 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: source
Version: 2:3.2.4-3ubuntu1.1
Distribution: edgy-security
Urgency: low
Maintainer: Robin Verduijn <robin at debian.org>
Changed-By: Richard A. Johnson <nixternal at ubuntu.com>
Description: 
 kvirc      - KDE based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dev  - Development files for KVIrc
Changes: 
 kvirc (2:3.2.4-3ubuntu1.1) edgy-security; urgency=low
 .
   * SECURITY UPDATE: parseIrcUrl() does not properly sanitize parts of the URI
     when building the command for KVIrc's internet script system. This can
     be exploited to inject and execute commands for the KVIrc script system
     (including the "run" command, which can be leveraged to execute shell
     commands) by e.g. tricking a user into opening a specially crafted
     "irc://" or similar URI.
   * Add debian/patches/09_parseIrcUrl_security_fix.patch: properly sanitizes
     URI strings, as done in upstream SVN. (Fixes LP: #123037)
   * References:
     - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
     - http://secunia.com/secunia_research/2007-56/advisory/
     - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
     - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
Files: 
 aefd5c1df9fce1ac08fc04649a7ad428 673 net optional kvirc_3.2.4-3ubuntu1.1.dsc
 75675ef59cdca760a706a0474d65ef24 893622 net optional kvirc_3.2.4-3ubuntu1.1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGioyCH/9LqRcGPm0RAimLAJ0fn+9RmVQtW2N+hKkxNhhWs7dujACfVfZ1
KAFeBGK9nH4ZfMQfJq5JLhQ=
=9cDL
-----END PGP SIGNATURE-----




