** Also affects: kvirc (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: kvirc (Ubuntu Natty)
Importance: Medium
Status: Confirmed
** Changed in: kvirc (Ubuntu Lucid)
Status: New = In Progress
** Changed in: kvirc (Ubuntu Natty)
Status:
ACK for lucid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/612682
Title:
KVIrc security release 4.0.2 avaible
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
Thanks for the debdiff! Uploaded to the security PPA and will push to
the archive when it is done building.
** Changed in: kvirc (Ubuntu Lucid)
Status: Confirmed = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package kvirc - 4:4.0.0~svn3900+rc2-1ubuntu0.2
---
kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.2) lucid-security; urgency=low
* SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before
r4693 does not properly handle \ (backslash) characters,
This patch should resolve this issue. It is based on the patch applied
upstream (https://svn.kvirc.de/kvirc/changeset/4693) and in Debian
(http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=kvirc_3.4
.0_security-team.debdiff;att=2;bug=590745). Ubuntu Maverick, Natty, and
Debian already
I have just received confirmation that the version of kvirc in my PPA
(same as this debdiff) successfully resolves this bug. I am subscribing
ubuntu-security-sponsors
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: kvirc (Ubuntu)
Status: Confirmed = In Progress
** Changed in: kvirc (Ubuntu)
Assignee: (unassigned) = Nathan Handler (nhandler)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug has now been known for 7+ months and while importance is set to
'medium' it has real consequences for a lot of users. This vulnerability
is being actively exploited on freenode and we're considering blocking
old versions of kvirc due to the problems caused.
I hope this bug will finally
To reiterate what Marc said in comment #2, this package is in universe
and is community maintained. If you are able, I suggest posting a
debdiff for this issue. When a debdiff is available, members of the
security team will review it and publish the package. See the following
link for more
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2785
--
KVIrc security release 4.0.2 avaible
https://bugs.launchpad.net/bugs/612682
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
I can give you my debian dirs with which I compiled KVIrc for karmic and
lucid, mainly I use the work of the debian guys in an older version
http://www.rzuser.uni-heidelberg.de/~xt1/ubuntu/kvirc_karmic_debiandir.tar.gz
the debian maintainer has already build new packages, they await upload
to unstable.
http://hg.debian.org/hg/pkg-kde/kde-extras/kvirc
http://dev.carbon-project.org/debian/kvirc/ has a singed preview of the
packages until they got uploaded to debian unstable.
--
KVIrc security release 4.0.2
12 matches
Mail list logo
