kvirc 2:3.2.4-5ubuntu1.1 source package in Ubuntu

Changelog

kvirc (2:3.2.4-5ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
    when building the command for KVIrc's internet script system. This can
    be exploited to inject and execute commands for the KVIrc script system
    (including the "run" command, which can be leveraged to execute shell
    commands) by e.g. tricking a user into opening a specially crafted
    "irc://" or similar URI.
  * Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
    URI strings, as done in upstream SVN. (Fixes LP: #123037)
  * References:
    - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
    - http://secunia.com/secunia_research/2007-56/advisory/
    - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
    - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
  * Add debian/control: Debian Maintainer Field

 -- <email address hidden> (Richard A. Johnson)   Mon, 02 Jul 2007 13:10:10 -0500