lp:ubuntu/jaunty-updates/kvirc
- Get this branch:
- bzr branch lp:ubuntu/jaunty-updates/kvirc
Branch merges
Branch information
Recent revisions
- 16. By Andreas Wenning
-
* SECURITY UPDATE: Two security issues have been discovered in the DCC
protocol support code of kvirc, a KDE-based next generation IRC client,
which allow the overwriting of local files through directory traversal
and the execution of arbitrary code through a format string attack.
- kubuntu_01_CVE- 2010-2451_ CVE-2010- 2451_DCC_ fix.patch
- Patch based on upstream SVN revision 4317.
- CVE-2010-2451, CVE-2010-2452:
- http://cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2010- 2451
- http://cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2010- 2452
- LP: #601702 - 15. By Alessandro Ghersi
-
[ Alessandro Ghersi ]
* Fix missing icon in menu (LP: #335023)
* Add kubuntu_02_fix_ cmakelist_ icons.patch and refresh 05_xpmicon.patch [ Alessio Treglia ]
* Section field in kvirc-data duplicates the value inherited from source package,
fixed. - 14. By Roderick B. Greening
-
* SVN pre-release (2009/01/26)
* Update debian/copyright
* Update packaging to use kde4.mk and cmake
* Update build deps
* Update compat (debhelper >= 6)
* Update standards to 3.8.0
* Update *.install to comply with new standards version
* Fix post/pre scripts to update alternatives for irc.protocol
* Remove unnecessary patches
- 01_am_maintainer_mode. patch
- 02_rpath.patch
- 09_plugin_dir.patch
- 13_eula.patch
- 30_security-cipherlist- bad-order_ r1990.patch
- 31_r1997-irchandler- exploit-bug503401.patch
- 51_PERL_SYS_INIT3_ r2271-bug495064.patch
- 52_windowmenu-crashes_ r1991.patch
- 98_buildprep.diff
* New patches
- kubuntu_01_fix_ desktop_ entry.patch
* Update patches
- 05_xpmicon.patch - 12. By Raúl Sánchez Siles <email address hidden>
-
* try to start command via irc:// handler (Closes: #503401).
Added 31_r1997-irchandler- exploit-bug503401.patch
* Urgency medium due to potential security bug fix. - 11. By Andreas Wenning
-
Added Added 31_r1997-
irchandler- exploit. patch which prevents known
exploit for executing commands as user using the irc:// handler. Patch
is taken directly from debian version 2:3.4.0-3. (LP: #289695) - 10. By Raúl Sánchez Siles <email address hidden>
-
* New upstream release.
* New version (3.4) available. (Closes: #473454)
* Adopt package after pinging several times maintainer without answer. See
bug #473454.
* Patches:
+ Removed patches 05_Kvi_Avatar_ Resize and 06_resizeavatar .patch. Applied
upstream.
+ Added patches for build system preparation: 01_am_maintainer_mode and
98_buildprep.
+ Added patch 20_fixman to fix a typo on man package.
+ Refreshed patch 09_plugin_dir to modify admin/acinclude.m4.in.
+ Reworked 02_rpath to deal with rpath removal on build.
* Dependencies:
+ Tighting depends for kvirc and kvirc-data.
+ Addind automake1.10 to build-deps.
* Bump policy to 3.7.3: Updated menu file to menu policy 1.4.
* Changed 3.2 references in rules,kvirc-data installation scripts to 3.4.
* Maintainer scripts:
+ Removing empty: kvirc-dev and kvirc.prerm.
+ Removing not needed: kvirc.postrm, kvirc.postinst.
* Removing link to manpage for kvi_make_scriptdist. sh no longer existing.
* Fixing installation paths for some files in kvirc and kvirc-data, taking
those paths from a patch.
* Adding some more new .desktop files.
* Adding Homepage field in control file. Removing from package description.
* Updated copyright file with information about repackaging and upstream
copyright holders.
* Adding Vcs-Svn and Vcs-Browser control fields. - 9. By Rich Johnson
-
* Merge from Debian unstable, remaining Ubuntu changes:
- 10_parseIrcUrl_security_ fix.patch
* New changes:
- debian/rules: change dh_iconcache to dh_icons - 8. By Rich Johnson
-
* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
when building the command for KVIrc's internet script system. This can
be exploited to inject and execute commands for the KVIrc script system
(including the "run" command, which can be leveraged to execute shell
commands) by e.g. tricking a user into opening a specially crafted
"irc://" or similar URI.
* Add debian/patches/ 10_parseIrcUrl_ security_ fix.patch: properly sanitizes
URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
- http://www.kvirc. net/?id= news&story= 2007.06. 29.22.00. 1.story& dir=latest
- http://secunia. com/secunia_ research/ 2007-56/ advisory/
- http://www.cve. mitre.org/ cgi-bin/ cvename. cgi?name= CVE-2007- 2951
- https://svn.kvirc. de/kvirc/ changeset/ 630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/kvirc