Change logs for kvirc source package in Gutsy
-
kvirc (2:3.2.4-5ubuntu2) gutsy; urgency=low

  * SECURITY UPDATE: parseIrcUrl() does not properly sanitize parts of the
    URI when building the command for KVIrc's internet script system. This
    can be exploited to inject and execute commands for the KVIrc script
    system (including the "run" command, which can be leveraged to execute
    shell commands) by e.g. tricking a user into opening a specially crafted
    "irc://" or similar URI.
  * Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
    URI strings, as done in upstream SVN. (Fixes LP: #123037)
  * References:
    - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
    - http://secunia.com/secunia_research/2007-56/advisory/
    - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
    - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
  * Add debian/control: Debian Maintainer Field

 -- <email address hidden> (Richard A. Johnson)  Mon, 02 Jul 2007 13:16:11 -0500
-
kvirc (2:3.2.4-5ubuntu1) feisty; urgency=low

  * Merge from Debian unstable
  * Added dh_iconcache

kvirc (2:3.2.4-5) unstable; urgency=low

  * Move plugins and modules from /usr/share into /usr/lib. (Closes: #392393)
    Thanks, Steinar H. Gunderson.
    - When checking if a directory is the kvirc global directory, don't
      check for the modules, as they have moved; check for the help
      directory instead (which the comments also suggest).
    - Make a local hack in src/kvirc/kernel/kvi_app_fs.cpp to look for
      modules and plugins in /usr/lib instead of /usr/share.

 -- Richard A. Johnson <email address hidden>  Wed, 15 Nov 2006 11:11:39 -0600