kvirc 2:3.2.0-5ubuntu1.1 source package in Ubuntu
Changelog
kvirc (2:3.2.0-5ubuntu1.1) dapper-security; urgency=low
* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: propery sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
- http://secunia.com/secunia_research/2007-56/advisory/
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
- https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
-- <email address hidden> (Richard A. Johnson) Mon, 02 Jul 2007 13:14:30 -0500
Upload details
- Uploaded by:
- Rich Johnson
- Uploaded to:
- Dapper
- Original maintainer:
- Robin Verduijn
- Architectures:
- any
- Section:
- net
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| kvirc_3.2.0.orig.tar.gz | 5.6 MiB | 2f4b760e6a4cd90dea091da14989554dd0f37098e6383a9db8c4d1219844f658 |
| kvirc_3.2.0-5ubuntu1.1.diff.gz | 48.8 KiB | b331c2b08b15d035369b276e94a41e4745b9f87a7d689e98f7571da41773fdfc |
| kvirc_3.2.0-5ubuntu1.1.dsc | 672 bytes | cbc9028e3c930d0819610c25d41b25da1b8992fd29267e42699de6f561e11b1b |
Binary packages built by this source
- kvirc: No summary available for kvirc in ubuntu dapper.
No description available for kvirc in ubuntu dapper.
- kvirc-data: No summary available for kvirc-data in ubuntu dapper.
No description available for kvirc-data in ubuntu dapper.
- kvirc-dev: No summary available for kvirc-dev in ubuntu dapper.
No description available for kvirc-dev in ubuntu dapper.
