Accepted kvirc 2:3.2.4-5ubuntu2 (source)
Richard A. Johnson
nixternal at ubuntu.com
Wed Jul 4 17:20:15 BST 2007
Accepted:
OK: kvirc_3.2.4.orig.tar.gz
OK: kvirc_3.2.4-5ubuntu2.diff.gz
OK: kvirc_3.2.4-5ubuntu2.dsc
-> Component: universe Section: net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 02 Jul 2007 13:16:11 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: source
Version: 2:3.2.4-5ubuntu2
Distribution: gutsy
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Richard A. Johnson <nixternal at ubuntu.com>
Description:
kvirc - KDE based next generation IRC client with module support
kvirc-data - Data files for KVIrc
kvirc-dev - Development files for KVIrc
Launchpad-Bugs-Fixed: 123037
Changes:
kvirc (2:3.2.4-5ubuntu2) gutsy; urgency=low
.
* SECURITY UPDATE: parseIrcUrl() does not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
- http://secunia.com/secunia_research/2007-56/advisory/
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
- https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field
Files:
da566f75298603d20088ef865493632d 744 net optional kvirc_3.2.4-5ubuntu2.dsc
8a5d63f80b4db77f9cb7c96d95e5b833 300151 net optional kvirc_3.2.4-5ubuntu2.diff.gz
Original-Maintainer: Robin Verduijn <robin at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGi8ZFH/9LqRcGPm0RAt99AJwJFI3Hw9vu9Ja/qbEFBHxagxiEHQCfZRYM
1o5wvR8iW6Z+wScivvsjKvs=
=PrIQ
-----END PGP SIGNATURE-----
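
The changelog above describes URI parts reaching a script command unsanitized. As an added example (not the upstream changeset 630 patch and not KVIrc code), the sketch below validates each part of an "irc://" URI against an allowlist before any command string is built. `IrcTarget`, `parseIrcUri`, `buildConnectCommand`, the allowed character sets and the command syntax are all assumptions made for illustration.

```cpp
#include <cctype>
#include <string>

// Validated pieces of an irc:// URI (hypothetical type, not from KVIrc).
struct IrcTarget { std::string host; unsigned port = 6667; std::string channel; };

// Allowlist check: every character must be alphanumeric or listed in `extra`.
static bool onlyAllowed(const std::string& s, const std::string& extra) {
    if (s.empty()) return false;
    for (unsigned char c : s)
        if (!std::isalnum(c) && extra.find(static_cast<char>(c)) == std::string::npos)
            return false;
    return true;
}

// Parse "irc://host[:port][/channel]". Any part containing a character outside
// its allowlist makes the whole URI invalid; nothing is escaped or "repaired".
bool parseIrcUri(const std::string& uri, IrcTarget& out) {
    const std::string scheme = "irc://";
    if (uri.compare(0, scheme.size(), scheme) != 0) return false;
    const std::string rest = uri.substr(scheme.size());
    const std::size_t slash = rest.find('/');
    const std::string authority = rest.substr(0, slash);
    IrcTarget t;
    if (slash != std::string::npos) {
        t.channel = rest.substr(slash + 1);
        if (!t.channel.empty() && !onlyAllowed(t.channel, "#&+_-.")) return false;
    }
    const std::size_t colon = authority.find(':');
    t.host = authority.substr(0, colon);
    if (!onlyAllowed(t.host, ".-")) return false;
    if (colon != std::string::npos) {
        const std::string port = authority.substr(colon + 1);
        if (port.empty() || port.size() > 5 ||
            port.find_first_not_of("0123456789") != std::string::npos) return false;
        const unsigned long value = std::stoul(port);
        if (value == 0 || value > 65535) return false;
        t.port = static_cast<unsigned>(value);
    }
    out = t;
    return true;
}

// Hypothetical command syntax: only a validated IrcTarget is accepted here.
std::string buildConnectCommand(const IrcTarget& t) {
    std::string cmd = "connect " + t.host + " " + std::to_string(t.port);
    if (!t.channel.empty()) cmd += " " + t.channel;
    return cmd;
}
```

Rejecting the URI outright keeps the check independent of whichever characters the downstream command interpreter treats as special.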