Accepted kvirc 2:3.2.4-5ubuntu2 (source)

Richard A. Johnson nixternal at ubuntu.com
Wed Jul 4 17:20:15 BST 2007


Accepted:
 OK: kvirc_3.2.4.orig.tar.gz
 OK: kvirc_3.2.4-5ubuntu2.diff.gz
 OK: kvirc_3.2.4-5ubuntu2.dsc
     -> Component: universe Section: net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 02 Jul 2007 13:16:11 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: source
Version: 2:3.2.4-5ubuntu2
Distribution: gutsy
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Richard A. Johnson <nixternal at ubuntu.com>
Description: 
 kvirc      - KDE based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dev  - Development files for KVIrc
Launchpad-Bugs-Fixed: 123037
Changes: 
 kvirc (2:3.2.4-5ubuntu2) gutsy; urgency=low
 .
   * SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
     when building the command for KVIrc's internet script system. This can
     be exploited to inject and execute commands for the KVIrc script system
     (including the "run" command, which can be leveraged to execute shell
     commands) by e.g. tricking a user into opening a specially crafted
     "irc://" or similar URI.
   * Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
     URI strings, as done in upstream SVN. (Fixes LP: #123037)
   * References:
     - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
     - http://secunia.com/secunia_research/2007-56/advisory/
     - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
     - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
   * Add debian/control: Debian Maintainer Field
Files: 
 da566f75298603d20088ef865493632d 744 net optional kvirc_3.2.4-5ubuntu2.dsc
 8a5d63f80b4db77f9cb7c96d95e5b833 300151 net optional kvirc_3.2.4-5ubuntu2.diff.gz
Original-Maintainer: Robin Verduijn <robin at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGi8ZFH/9LqRcGPm0RAt99AJwJFI3Hw9vu9Ja/qbEFBHxagxiEHQCfZRYM
1o5wvR8iW6Z+wScivvsjKvs=
=PrIQ
-----END PGP SIGNATURE-----





More information about the gutsy-changes mailing list