Branches for Edgy

Author: Brandon Holtsclaw
Revision Date: 2006-08-12 01:17:12 UTC

Merge from debian unstable ( again ).

Author: Rich Johnson
Revision Date: 2007-07-02 13:12:22 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)

Author: Rich Johnson
Revision Date: 2007-07-02 13:12:22 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)