[ubuntu/lucid-security] kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_amd64_translations.tar.gz, kvirc, kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_sparc_translations.tar.gz (delayed), kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_armel_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_powerpc_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_i386_translations.tar.gz, kvirc_4.0.0~svn3900+rc2-1ubuntu0.2_ia64_translations.tar.gz 4:4.0.0~svn3900+rc2-1ubuntu0.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Mar 15 21:06:16 UTC 2011
kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.2) lucid-security; urgency=low
* SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before
r4693 does not properly handle \ (backslash) characters, which allows
remote authenticated users to execute arbitrary CTCP commands via vectors
involving \r and \40 sequences, a different vulnerability than CVE-2010-2451
and CVE-2010-2452.
- 33_upstream_security_#858.patch
- Patch based on upstream SVN revision 4693.
- CVE-2010-2785:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2785
- LP: #612682
Date: Sat, 12 Mar 2011 20:00:18 -0600
Changed-By: Nathan Handler <nhandler at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/kvirc/4:4.0.0~svn3900+rc2-1ubuntu0.2
-------------- next part --------------
Format: 1.8
Date: Sat, 12 Mar 2011 20:00:18 -0600
Source: kvirc
Binary: kvirc kvirc-data kvirc-dbg
Architecture: source
Version: 4:4.0.0~svn3900+rc2-1ubuntu0.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nathan Handler <nhandler at ubuntu.com>
Description:
kvirc - KDE-based next generation IRC client with module support
kvirc-data - Data files for KVIrc
kvirc-dbg - KVIrc (IRC client) debugging symbols
Launchpad-Bugs-Fixed: 612682
Changes:
kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.2) lucid-security; urgency=low
.
* SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before
r4693 does not properly handle \ (backslash) characters, which allows
remote authenticated users to execute arbitrary CTCP commands via vectors
involving \r and \40 sequences, a different vulnerability than CVE-2010-2451
and CVE-2010-2452.
- 33_upstream_security_#858.patch
- Patch based on upstream SVN revision 4693.
- CVE-2010-2785:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2785
- LP: #612682
Checksums-Sha1:
8456a1ec33df73af55fdf558d1172b392e07f65f 2315 kvirc_4.0.0~svn3900+rc2-1ubuntu0.2.dsc
b44a814a818128c5cbf890176fbfe0b57d8d3dc1 33404 kvirc_4.0.0~svn3900+rc2-1ubuntu0.2.debian.tar.gz
Checksums-Sha256:
0aba1d65f0da61d4d0406600ae17f9afeaf79a3116dbb1a8c1edd323e13832b7 2315 kvirc_4.0.0~svn3900+rc2-1ubuntu0.2.dsc
7c7babb9cd16468c134cb8f0d1d1c1d722e14a7c0e6495a841648326f8ab3ae6 33404 kvirc_4.0.0~svn3900+rc2-1ubuntu0.2.debian.tar.gz
Files:
1f8ac31839fbeabab63181b41a046dd1 2315 net optional kvirc_4.0.0~svn3900+rc2-1ubuntu0.2.dsc
ac363cfcadd5efb850633c44021546a8 33404 net optional kvirc_4.0.0~svn3900+rc2-1ubuntu0.2.debian.tar.gz
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>
More information about the Lucid-changes
mailing list