Accepted kvirc 2:3.2.4-5ubuntu1.1 (source)
Ubuntu Installer
archive at ubuntu.com
Wed Jul 4 15:30:54 BST 2007
Accepted:
OK: kvirc_3.2.4.orig.tar.gz
OK: kvirc_3.2.4-5ubuntu1.1.diff.gz
OK: kvirc_3.2.4-5ubuntu1.1.dsc
-> Component: universe Section: net
Format: 1.7
Date: Mon, 02 Jul 2007 13:10:10 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: source
Version: 2:3.2.4-5ubuntu1.1
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Richard A. Johnson <nixternal at ubuntu.com>
Description:
kvirc - KDE based next generation IRC client with module support
kvirc-data - Data files for KVIrc
kvirc-dev - Development files for KVIrc
Changes:
kvirc (2:3.2.4-5ubuntu1.1) feisty-security; urgency=low
.
* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
- http://secunia.com/secunia_research/2007-56/advisory/
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
- https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field
Files:
6a22397f326373295e3c0ee5527f11c0 748 net optional kvirc_3.2.4-5ubuntu1.1.dsc
c329c90c7cbbb6a277df05e3a3ff13f6 300152 net optional kvirc_3.2.4-5ubuntu1.1.diff.gz
Original-Maintainer: Robin Verduijn <robin at debian.org>
More information about the feisty-changes
mailing list