-
kvirc (2:3.2.4-5ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
- http://secunia.com/secunia_research/2007-56/advisory/
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
- https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field
-- <email address hidden> (Richard A. Johnson) Mon, 02 Jul 2007 13:10:10 -0500
-
kvirc (2:3.2.4-5ubuntu1) feisty; urgency=low
* Merge from Debian unstable
* Added dh_iconcache
kvirc (2:3.2.4-5) unstable; urgency=low
* Move plugins and modules from /usr/share into /usr/lib. (Closes: #392393)
Thanks, Steinar H. Gunderson.
- When checking if a directory is the kvirc global directory, don't
check for the modules, as they have moved; check for the help
directory instead (which the comments also suggest).
- Make a local hack in src/kvirc/kernel/kvi_app_fs.cpp to look for
modules and plugins in /usr/lib instead of /usr/share.
-- Richard A. Johnson <email address hidden> Wed, 15 Nov 2006 11:11:39 -0600
-
kvirc (2:3.2.4-3ubuntu1) edgy; urgency=low
* Merge from debian unstable ( again ).
-- Brandon Holtsclaw <email address hidden> Sat, 12 Aug 2006 01:17:12 -0500
