-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 02 Jul 2007 13:14:30 -0500
Source: kvirc
Binary: kvirc-dev kvirc-data kvirc
Architecture: sparc_translations sparc
Version: 2:3.2.0-5ubuntu1.1
Distribution: dapper-security
Urgency: low
Maintainer: Ubuntu/sparc Build Daemon
Changed-By: Richard A. Johnson
Description:
 kvirc - KDE based next generation IRC client with module support
 kvirc-dev - Development files for KVIrc
Changes:
 kvirc (2:3.2.0-5ubuntu1.1) dapper-security; urgency=low
 .
   * SECURITY UPDATE: parseIrcUrl() does not properly sanitize parts of the
     URI when building the command for KVIrc's internet script system. This
     can be exploited to inject and execute commands for the KVIrc script
     system (including the "run" command, which can be leveraged to execute
     shell commands) by e.g. tricking a user into opening a specially crafted
     "irc://" or similar URI.
   * Add debian/patches/09_parseIrcUrl_security_fix.patch: properly sanitizes
     URI strings, as done in upstream SVN. (Fixes LP: #123037)
   * References:
     - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
     - http://secunia.com/secunia_research/2007-56/advisory/
     - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
     - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
Files:
 5e9b45436f71f78123d3ea9ec79744f3 2433996 net optional kvirc_3.2.0-5ubuntu1.1_sparc.deb
 d50b0e4881f363e74a3f53ac0a9f5eb1 343042 devel optional kvirc-dev_3.2.0-5ubuntu1.1_sparc.deb
 a9cb1278f86eafeaf72760d051e430fa 1421402 raw-translations - kvirc_3.2.0-5ubuntu1.1_sparc_translations.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFGisn20N0xjzyQZEIRApmNAKCMXNQmXwCG75oqH1RFAsJ5QZIgqwCeMzpK
qrTerGzptx7WhCZYDt2oMy0=
=m5yP
-----END PGP SIGNATURE-----