Accepted kvirc 2:3.2.4-3ubuntu1.1 (source)
Ubuntu Installer
archive at ubuntu.com
Wed Jul 4 09:55:29 BST 2007
Accepted:
OK: kvirc_3.2.4.orig.tar.gz
OK: kvirc_3.2.4-3ubuntu1.1.diff.gz
OK: kvirc_3.2.4-3ubuntu1.1.dsc
-> Component: universe Section: net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 02 Jul 2007 13:12:22 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: source
Version: 2:3.2.4-3ubuntu1.1
Distribution: edgy-security
Urgency: low
Maintainer: Robin Verduijn <robin at debian.org>
Changed-By: Richard A. Johnson <nixternal at ubuntu.com>
Description:
kvirc - KDE based next generation IRC client with module support
kvirc-data - Data files for KVIrc
kvirc-dev - Development files for KVIrc
Changes:
kvirc (2:3.2.4-3ubuntu1.1) edgy-security; urgency=low
.
* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: properly sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
- http://secunia.com/secunia_research/2007-56/advisory/
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
- https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
Files:
aefd5c1df9fce1ac08fc04649a7ad428 673 net optional kvirc_3.2.4-3ubuntu1.1.dsc
75675ef59cdca760a706a0474d65ef24 893622 net optional kvirc_3.2.4-3ubuntu1.1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGioyCH/9LqRcGPm0RAimLAJ0fn+9RmVQtW2N+hKkxNhhWs7dujACfVfZ1
KAFeBGK9nH4ZfMQfJq5JLhQ=
=9cDL
-----END PGP SIGNATURE-----
More information about the edgy-changes
mailing list