Accepted kvirc 2:3.2.4-5ubuntu1.1 (source)

Ubuntu Installer archive at
Wed Jul 4 15:30:54 BST 2007

 OK: kvirc_3.2.4.orig.tar.gz
 OK: kvirc_3.2.4-5ubuntu1.1.diff.gz
 OK: kvirc_3.2.4-5ubuntu1.1.dsc
     -> Component: universe Section: net

Format: 1.7
Date: Mon, 02 Jul 2007 13:10:10 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: source
Version: 2:3.2.4-5ubuntu1.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at>
Changed-By: Richard A. Johnson <nixternal at>
 kvirc      - KDE based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dev  - Development files for KVIrc
 kvirc (2:3.2.4-5ubuntu1.1) feisty-security; urgency=low
   * SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
     when building the command for KVIrc's internet script system. This can
     be exploited to inject and execute commands for the KVIrc script system
     (including the "run" command, which can be leveraged to execute shell
     commands) by e.g. tricking a user into opening a specially crafted
     "irc://" or similar URI.
   * Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
     URI strings, as done in upstream SVN. (Fixes LP: #123037)
   * References:
     - (fix to kvi_ircurl.cpp)
   * Add debian/control: Debian Maintainer Field
 6a22397f326373295e3c0ee5527f11c0 748 net optional kvirc_3.2.4-5ubuntu1.1.dsc
 c329c90c7cbbb6a277df05e3a3ff13f6 300152 net optional kvirc_3.2.4-5ubuntu1.1.diff.gz
Original-Maintainer: Robin Verduijn <robin at>

More information about the feisty-changes mailing list