lp:ubuntu/intrepid/kvirc
- Get this branch:
- bzr branch lp:ubuntu/intrepid/kvirc
Branch information
Recent revisions
- 11. By Andreas Wenning
-
Added Added 31_r1997-
irchandler- exploit. patch which prevents known
exploit for executing commands as user using the irc:// handler. Patch
is taken directly from debian version 2:3.4.0-3. (LP: #289695) - 10. By Raúl Sánchez Siles <email address hidden>
-
* New upstream release.
* New version (3.4) available. (Closes: #473454)
* Adopt package after pinging several times maintainer without answer. See
bug #473454.
* Patches:
+ Removed patches 05_Kvi_Avatar_ Resize and 06_resizeavatar .patch. Applied
upstream.
+ Added patches for build system preparation: 01_am_maintainer_mode and
98_buildprep.
+ Added patch 20_fixman to fix a typo on man package.
+ Refreshed patch 09_plugin_dir to modify admin/acinclude.m4.in.
+ Reworked 02_rpath to deal with rpath removal on build.
* Dependencies:
+ Tighting depends for kvirc and kvirc-data.
+ Addind automake1.10 to build-deps.
* Bump policy to 3.7.3: Updated menu file to menu policy 1.4.
* Changed 3.2 references in rules,kvirc-data installation scripts to 3.4.
* Maintainer scripts:
+ Removing empty: kvirc-dev and kvirc.prerm.
+ Removing not needed: kvirc.postrm, kvirc.postinst.
* Removing link to manpage for kvi_make_scriptdist. sh no longer existing.
* Fixing installation paths for some files in kvirc and kvirc-data, taking
those paths from a patch.
* Adding some more new .desktop files.
* Adding Homepage field in control file. Removing from package description.
* Updated copyright file with information about repackaging and upstream
copyright holders.
* Adding Vcs-Svn and Vcs-Browser control fields. - 9. By Rich Johnson
-
* Merge from Debian unstable, remaining Ubuntu changes:
- 10_parseIrcUrl_security_ fix.patch
* New changes:
- debian/rules: change dh_iconcache to dh_icons - 8. By Rich Johnson
-
* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/ 10_parseIrcUrl_ security_ fix.patch: properly sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc. net/?id= news&story= 2007.06. 29.22.00. 1.story& dir=latest
- http://secunia. com/secunia_ research/ 2007-56/ advisory/
- http://www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= CVE-2007- 2951
- https://svn.kvirc. de/kvirc/ changeset/ 630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field - 3. By Robin Verduijn <email address hidden>
-
* Rebuild for current dependencies.
* Update FSF address.
* Bump Standards-Version to 3.6.2.0 (no changes).
* Fix invalid characters in manpage. - 2. By Robin Verduijn <email address hidden>
-
* Change Recommends on xmms to a Suggests.
* Rebuild against KDE 3.3.1
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/kvirc