[ubuntu/lucid-security] kvirc, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_ia64_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_amd64_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_powerpc_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_i386_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_armel_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.1_sparc_translations.tar.gz (delayed) 4:4.0.0~svn3900+rc2-1ubuntu0.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Jul 7 17:07:05 BST 2010
kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.1) lucid-security; urgency=low
* SECURITY UPDATE: Two security issues have been discovered in the DCC
protocol support code of kvirc, a KDE-based next generation IRC client,
which allow the overwriting of local files through directory traversal
and the execution of arbitrary code through a format string attack.
- kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
- Patch based on upstream SVN revision 4317.
- CVE-2010-2451, CVE-2010-2452:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
- LP: #601702
Date: Mon, 05 Jul 2010 00:42:47 +0200
Changed-By: Andreas Wenning <awen at awen.dk>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/kvirc/4:4.0.0~svn3900+rc2-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Jul 2010 00:42:47 +0200
Source: kvirc
Binary: kvirc kvirc-data kvirc-dbg
Architecture: source
Version: 4:4.0.0~svn3900+rc2-1ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Wenning <awen at awen.dk>
Description:
kvirc - KDE-based next generation IRC client with module support
kvirc-data - Data files for KVIrc
kvirc-dbg - KVIrc (IRC client) debugging symbols
Launchpad-Bugs-Fixed: 601702
Changes:
kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.1) lucid-security; urgency=low
.
* SECURITY UPDATE: Two security issues have been discovered in the DCC
protocol support code of kvirc, a KDE-based next generation IRC client,
which allow the overwriting of local files through directory traversal
and the execution of arbitrary code through a format string attack.
- kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
- Patch based on upstream SVN revision 4317.
- CVE-2010-2451, CVE-2010-2452:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
- LP: #601702
Checksums-Sha1:
0a5f00919253e97dd00422c63bd3af715aea1fd7 1675 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.dsc
17a63030aa4304a23c9b04cc72836294391aa4b7 32134 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.debian.tar.gz
Checksums-Sha256:
a8294d2e26997ea305ff6e4e5d665da353b79b69ffa31d0f5cf74a7afa250869 1675 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.dsc
4ff3d08b1a5de18a150b986ea274faae1ae12bb7fccc4a7080c3e77aeaa13543 32134 kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.debian.tar.gz
Files:
ea560943e3f5b0f5f79b3e1ba97167d6 1675 net optional kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.dsc
2daf56d638544ecad140e0e988417515 32134 net optional kvirc_4.0.0~svn3900+rc2-1ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>
More information about the Lucid-changes
mailing list