[ubuntu/karmic-security] kvirc_4.0.0~svn3240-1ubuntu0.1_powerpc_translations.tar.gz, kvirc, kvirc_4.0.0~svn3240-1ubuntu0.1_armel_translations.tar.gz, kvirc_4.0.0~svn3240-1ubuntu0.1_i386_translations.tar.gz, kvirc_4.0.0~svn3240-1ubuntu0.1_amd64_translations.tar.gz, kvirc_4.0.0~svn3240-1ubuntu0.1_lpia_translations.tar.gz, kvirc_4.0.0~svn3240-1ubuntu0.1_ia64_translations.tar.gz, kvirc_4.0.0~svn3240-1ubuntu0.1_sparc_translations.tar.gz (delayed) 4:4.0.0~svn3240-1ubuntu0.1 (Accepted)

[Ubuntu Installer]

kvirc (4:4.0.0~svn3240-1ubuntu0.1) karmic-security; urgency=low

  * SECURITY UPDATE: Two security issues have been discovered in the DCC
    protocol support code of kvirc, a KDE-based next generation IRC client,
    which allow the overwriting of local files through directory traversal
    and the execution of arbitrary code through a format string attack.
    - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
      - Patch based on upstream SVN revision 4317.
    - CVE-2010-2451, CVE-2010-2452:
      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
    - LP: #601702

Date: Mon, 05 Jul 2010 00:41:51 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/kvirc/4:4.0.0~svn3240-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Jul 2010 00:41:51 +0200
Source: kvirc
Binary: kvirc kvirc-data kvirc-dev
Architecture: source
Version: 4:4.0.0~svn3240-1ubuntu0.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description: 
 kvirc      - KDE based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dev  - Development files for KVIrc
Changes: 
 kvirc (4:4.0.0~svn3240-1ubuntu0.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: Two security issues have been discovered in the DCC
     protocol support code of kvirc, a KDE-based next generation IRC client,
     which allow the overwriting of local files through directory traversal
     and the execution of arbitrary code through a format string attack.
     - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
       - Patch based on upstream SVN revision 4317.
     - CVE-2010-2451, CVE-2010-2452:
       - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
       - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
     - LP: #601702
Checksums-Sha1: 
 72cd2a91e5c9a0048e52641f320523a752ef1833 1558 kvirc_4.0.0~svn3240-1ubuntu0.1.dsc
 5c34044a173e34d2527f47a9ade353d5e77f06d9 35404 kvirc_4.0.0~svn3240-1ubuntu0.1.diff.gz
Checksums-Sha256: 
 e9f28d85318e612e2881911f87c199850ca708a4137883db9a147d117cfea919 1558 kvirc_4.0.0~svn3240-1ubuntu0.1.dsc
 b869b8aca4537a7da34f33c09873c6f796d7691e8b6246550649b3d3d09120e3 35404 kvirc_4.0.0~svn3240-1ubuntu0.1.diff.gz
Files: 
 351ce18ee8140cbcdd48311f7049f5f1 1558 net optional kvirc_4.0.0~svn3240-1ubuntu0.1.dsc
 ff04020e76198d7e28d0e52f94935aca 35404 net optional kvirc_4.0.0~svn3240-1ubuntu0.1.diff.gz
Launchpad-Bugs-Fixed: 601702
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>