Your message dated Sun, 26 Oct 2008 23:17:18 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#503401: fixed in kvirc 2:3.4.0-3
has caused the Debian Bug report #503401,
regarding try to start command via irc:// handler
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
503401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503401
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: kvirc
Version: 3.4.0
Severity: serious
Tags: security
--- Please enter the report below this line. ---
There is an exploit outside which tries to start commands via irc handler.
Dunno if there are older versions which are also vuln. Maybe you will also adjust
the severity.
http://www.milw0rm.com/exploits/6832
With kind regards, Jan.
--
Never write mail to <[EMAIL PROTECTED]>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------
--- End Message ---
--- Begin Message ---
Source: kvirc
Source-Version: 2:3.4.0-3
We believe that the bug you reported is fixed in the latest version of
kvirc, which is due to be installed in the Debian FTP archive:
kvirc-data_3.4.0-3_all.deb
  to pool/main/k/kvirc/kvirc-data_3.4.0-3_all.deb
kvirc-dev_3.4.0-3_amd64.deb
  to pool/main/k/kvirc/kvirc-dev_3.4.0-3_amd64.deb
kvirc_3.4.0-3.diff.gz
  to pool/main/k/kvirc/kvirc_3.4.0-3.diff.gz
kvirc_3.4.0-3.dsc
  to pool/main/k/kvirc/kvirc_3.4.0-3.dsc
kvirc_3.4.0-3_amd64.deb
  to pool/main/k/kvirc/kvirc_3.4.0-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raúl Sánchez Siles <[EMAIL PROTECTED]> (supplier of updated kvirc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 26 Oct 2008 21:14:02 +0100
Source: kvirc
Binary: kvirc kvirc-data kvirc-dev
Architecture: source all amd64
Version: 2:3.4.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <[EMAIL PROTECTED]>
Changed-By: Raúl Sánchez Siles <[EMAIL PROTECTED]>
Description:
 kvirc      - KDE based next generation IRC client with module support
 kvirc-data - Data files for KVIrc
 kvirc-dev  - Development files for KVIrc
Closes: 503401
Changes:
 kvirc (2:3.4.0-3) unstable; urgency=medium
 .
   * try to start command via irc:// handler (Closes: #503401).
     Added 31_r1997-irchandler-exploit-bug503401.patch
   * Urgency medium due to potential security bug fix.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Signed by Ana Guerrero
iEYEARECAAYFAkkE/AIACgkQn3j4POjENGGKRQCfVwrob+nx3MoinjTrgOcun2DG
JqMAnRLM3bDcklI5q3OKQOMRSAX79KFI
=d9Bh
-----END PGP SIGNATURE-----
--- End Message ---