[ubuntu/lucid-security] kvirc, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_ia64_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_amd64_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_powerpc_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_i386_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_armel_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_sparc_translations.tar.gz (delayed) 4:4.0.0~svn3900+rc2-1ubuntu0.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Jul 7 17:05:04 BST 2010


kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: Two security issues have been discovered in the DCC
    protocol support code of kvirc, a KDE-based next generation IRC client,
    which allow the overwriting of local files through directory traversal
    and the execution of arbitrary code through a format string attack.
    - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
      - Patch based on upstream SVN revision 4317.
    - CVE-2010-2451, CVE-2010-2452:
      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
      - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
    - LP: #601702

Date: Mon, 05 Jul 2010 00:42:47 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/kvirc/4:4.0.0~svn3900+rc2-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Jul 2010 00:42:47 +0200
Source: kvirc
Binary: kvirc kvirc-data kvirc-dbg
Architecture: source
Version: 4:4.0.0~svn3900+rc2-1ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description: 
 kvirc      - KDE-based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dbg  - KVIrc (IRC client) debugging symbols
Launchpad-Bugs-Fixed: 601702
Changes: 
 kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: Two security issues have been discovered in the DCC
     protocol support code of kvirc, a KDE-based next generation IRC client,
     which allow the overwriting of local files through directory traversal
     and the execution of arbitrary code through a format string attack.
     - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
       - Patch based on upstream SVN revision 4317.
     - CVE-2010-2451, CVE-2010-2452:
       - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
       - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
     - LP: #601702
Checksums-Sha1: 
 0a5f00919253e97dd00422c63bd3af715aea1fd7 1675 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.dsc
 17a63030aa4304a23c9b04cc72836294391aa4b7 32134 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.debian.tar.gz
Checksums-Sha256: 
 a8294d2e26997ea305ff6e4e5d665da353b79b69ffa31d0f5cf74a7afa250869 1675 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.dsc
 4ff3d08b1a5de18a150b986ea274faae1ae12bb7fccc4a7080c3e77aeaa13543 32134 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.debian.tar.gz
Files: 
 ea560943e3f5b0f5f79b3e1ba97167d6 1675 net optional kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.dsc
 2daf56d638544ecad140e0e988417515 32134 net optional kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>


More information about the Lucid-changes mailing list