[Bug 123037] Re: KVIrc irc:// URI Handler Command Execution Vulnerability

2007-07-04 Thread Kees Cook
** This bug is no longer a duplicate of bug 123595 KVIrc security issue with releases >= 3.2.0 (Dapper - Gutsy) ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2951 ** Changed in: kvirc (Ubuntu) Status: In Progress => Fix Released -- KVIrc irc:// URI Handler Comm

[Bug 123037] Re: KVIrc irc:// URI Handler Command Execution Vulnerability

2007-07-04 Thread Richard Johnson
kvirc (2:3.2.4-5ubuntu2) gutsy; urgency=low * SECURITY UPDATE: parseIrcUrl() does not properly sanitize parts of the URI when building the command for KVIrc's internet script system. This can be exploited to inject and execute commands for the KVIrc script system (including the "run" c

[Bug 123037] Re: KVIrc irc:// URI Handler Command Execution Vulnerability

2007-07-03 Thread Kees Cook
*** This bug is a duplicate of bug 123595 *** https://bugs.launchpad.net/bugs/123595 ** This bug has been marked a duplicate of bug 123595 KVIrc security issue with releases >= 3.2.0 (Dapper - Gutsy) ** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2951 -- KVIrc ir

[Bug 123037] Re: KVIrc irc:// URI Handler Command Execution Vulnerability

2007-07-02 Thread Richard Johnson
** Changed in: kvirc (Ubuntu) Assignee: (unassigned) => Richard Johnson Status: Triaged => In Progress -- KVIrc irc:// URI Handler Command Execution Vulnerability https://bugs.launchpad.net/bugs/123037 You received this bug notification because you are a member of Ubuntu Bugs, which i

[Bug 123037] Re: KVIrc irc:// URI Handler Command Execution Vulnerability

2007-06-29 Thread Kees Cook
Thanks for taking the time to report this bug and helping to make Ubuntu better. If someone can prepare (and test) the fixes and attach debdiffs that follow the [https://wiki.ubuntu.com/SecurityUpdateProcedures], I'd be more than happy to get them uploaded. ** Visibility changed to: Public ** Ch

[Bug 123037] Re: KVIrc irc:// URI Handler Command Execution Vulnerability

2007-06-29 Thread totya
Hi Richard, I opened this bug. I reported a Secunia security report against kvirc. See above. I just subscribed you. The reason is simple. I checked the change log of the kvirc Ubuntu package and I found you as a person who did the last change. I think you have the ability to prepare (and test) the