kvirc 2:3.2.4-5ubuntu2 source package in Ubuntu
Changelog
kvirc (2:3.2.4-5ubuntu2) gutsy; urgency=low * SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI when building the command for KVIrc's internet script system. This can be exploited to inject and execute commands for the KVIrc script system (including the "run" command, which can be leveraged to execute shell commands) by e.g. tricking a user into opening a specially crafted "irc://" or similar URI. * Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes URI strings, as done in upstream SVN. (Fixes LP: #123037) * References: - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest - http://secunia.com/secunia_research/2007-56/advisory/ - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951 - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp) * Add debian/control: Debian Maintainer Field -- <email address hidden> (Richard A. Johnson) Mon, 02 Jul 2007 13:16:11 -0500
Upload details
- Uploaded by:
- Rich Johnson
- Sponsored by:
- Kees Cook
- Uploaded to:
- Gutsy
- Original maintainer:
- MOTU
- Architectures:
- any
- Section:
- net
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
kvirc_3.2.4.orig.tar.gz | 7.4 MiB | 115dcd30e27d165bfb408673004ad6711b1dbde625c2031566b0ace538cc95d9 |
kvirc_3.2.4-5ubuntu2.diff.gz | 293.1 KiB | b55e1a030b845d236b7479fb338e49398dc4bc7f84c9835d4ec8385dca2ab5c8 |
kvirc_3.2.4-5ubuntu2.dsc | 744 bytes | cc4557f394e49a7484c5ad884349bc9ed86ed0e5d3a1a6077a64e4b446cf84a0 |
Binary packages built by this source
- kvirc: No summary available for kvirc in ubuntu hardy.
No description available for kvirc in ubuntu hardy.
- kvirc-data: No summary available for kvirc-data in ubuntu hardy.
No description available for kvirc-data in ubuntu hardy.
- kvirc-dev: No summary available for kvirc-dev in ubuntu hardy.
No description available for kvirc-dev in ubuntu hardy.