kvirc: Arbitrary command execution with irc:// and irc6:// URIs (CVE-2007-2951)

Related Vulnerabilities: CVE-2007-2951  

Debian Bug report logs - #434419

Reported by: Edgar Ibsen <edgaribsen2@yahoo.com>

Date: Mon, 23 Jul 2007 18:36:02 UTC

Severity: grave

Tags: security

Found in version kvirc/2:3.2.4-5

Done: Steffen Joeris <steffen.joeris@skolelinux.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, edgaribsen2@yahoo.com, Debian Security Team <team@security.debian.org>, Robin Verduijn <robin@debian.org>: Bug#434419; Package kvirc.


Acknowledgement sent to Edgar Ibsen <edgaribsen2@yahoo.com>:
New Bug report received and forwarded. Copy sent to edgaribsen2@yahoo.com, Debian Security Team <team@security.debian.org>, Robin Verduijn <robin@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Edgar Ibsen <edgaribsen2@yahoo.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kvirc: Arbitrary command execution with irc:// and irc6:// URIs (CVE-2007-2951)
Date: Mon, 23 Jul 2007 14:46:30 -0400
Package: kvirc
Version: 2:3.2.4-5
Severity: grave
Tags: security
Justification: user security hole

Nothing more to say beyond what is in the CVE report:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kvirc depends on:
ii  kdelibs4c2a             4:3.5.7.dfsg.1-2 core libraries and binaries for al
ii  kvirc-data              2:3.2.4-5        Data files for KVIrc
ii  libacl1                 2.2.42-1         Access control list shared library
ii  libart-2.0-2            2.3.19-3         Library of functions for 2D graphi
ii  libarts1c2a             1.5.7-2          aRts sound system core components
ii  libasound2              1.0.14a-2        ALSA library
ii  libattr1                1:2.4.32-1.1     Extended attribute shared library
ii  libaudio2               1.9-2+b1         The Network Audio System (NAS). (s
ii  libaudiofile0           0.2.6-7          Open-source version of SGI's audio
ii  libc6                   2.6-2            GNU C Library: Shared libraries
ii  libesd0                 0.2.36-3         Enlightened Sound Daemon - Shared 
ii  libfontconfig1          2.4.2-1.2        generic font configuration library
ii  libfreetype6            2.3.5-1+b1       FreeType 2 font engine, shared lib
ii  libgamin0 [libfam0]     0.1.8-2          Client library for the gamin file 
ii  libgcc1                 1:4.2.1-0        GCC support library
ii  libglib2.0-0            2.12.13-1        The GLib library of C routines
ii  libice6                 1:1.0.3-2        X11 Inter-Client Exchange library
ii  libidn11                0.6.5-1          GNU libidn library, implementation
ii  libjack0.100.0-0        0.103.0-6        JACK Audio Connection Kit (librari
ii  libjpeg62               6b-13            The Independent JPEG Group's JPEG 
ii  libmad0                 0.15.1b-2.1      MPEG audio decoder library
ii  libogg0                 1.1.3-2          Ogg Bitstream Library
ii  libperl5.8              5.8.8-7          Shared Perl library
ii  libpng12-0              1.2.15~beta5-2   PNG library - runtime
ii  libqt3-mt               3:3.3.7-5        Qt GUI Library (Threaded runtime v
ii  libsm6                  2:1.0.3-1+b1     X11 Session Management library
ii  libssl0.9.8             0.9.8e-5         SSL shared libraries
ii  libstdc++6              4.2.1-0          The GNU Standard C++ Library v3
ii  libvorbis0a             1.1.2.dfsg-2     The Vorbis General Audio Compressi
ii  libvorbisenc2           1.1.2.dfsg-2     The Vorbis General Audio Compressi
ii  libvorbisfile3          1.1.2.dfsg-2     The Vorbis General Audio Compressi
ii  libx11-6                2:1.0.3-7        X11 client-side library
ii  libxcursor1             1:1.1.8-2        X cursor management library
ii  libxext6                1:1.0.3-2        X11 miscellaneous extension librar
ii  libxft2                 2.1.12-2         FreeType-based font drawing librar
ii  libxi6                  2:1.1.1-1        X11 Input extension library
ii  libxinerama1            1:1.0.2-1        X11 Xinerama extension library
ii  libxrandr2              2:1.2.1-1        X11 RandR extension library
ii  libxrender1             1:0.9.2-1        X Rendering Extension client libra
ii  libxt6                  1:1.0.5-3        X11 toolkit intrinsics library
ii  zlib1g                  1:1.2.3.3.dfsg-5 compression library - runtime

kvirc recommends no packages.

-- no debconf information
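The report above names only the symptom (arbitrary command execution triggered through an irc:// or irc6:// URI) and defers to the CVE entry for details. As an added illustration, not code from the bug report or from KVIrc, the Python below shows the most common way a URI handler ends up executing attacker commands, splicing the untrusted URI into a shell command line, next to a hardened dispatcher that validates the URI against a strict grammar and launches the client by argv with no shell involved. The client name, its flags, the URI grammar and the malicious URI are all constructed for this example; whether KVIrc's bug had exactly this shape is not stated on the page.

```python
"""Illustrative irc:// / irc6:// URI handler: the shell-interpolation
anti-pattern that yields arbitrary command execution, beside a hardened
dispatcher.  Hypothetical code written for this page; it is not KVIrc's
handler, and the mechanism of CVE-2007-2951 is not described in the report."""
import ipaddress
import re
import subprocess
from typing import List, Optional, Tuple

# Hypothetical client binary and flags; stand-ins, not KVIrc's command line.
CLIENT = "irc-client"
DEFAULT_PORT = 6667


def unsafe_handler(uri: str) -> str:
    """Anti-pattern: splice the untrusted URI into a shell command string.
    'echo' stands in for the real client so this runs offline.  Returns what
    the shell printed, which reveals what it actually executed."""
    cmd = f"echo launching-client {uri}"  # attacker controls the whole tail
    proc = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=False)
    return proc.stdout


# Strict allowlist grammar: scheme, DNS hostname or bracketed IPv6 literal,
# optional port, optional channel (leading '#' may be percent-encoded as %23).
_URI_RE = re.compile(
    r"^(?P<scheme>irc6?)://"
    r"(?P<host>\[[0-9A-Fa-f:.]+\]"
    r"|[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?:/(?P<channel>(?:%23|[#&])?[A-Za-z0-9_\-]{1,50}))?/?$"
)


def parse_irc_uri(uri: str) -> Tuple[str, str, int, Optional[str]]:
    """Validate and decompose a URI; raise ValueError for anything outside the
    grammar.  The host must start with an alphanumeric, so a value such as
    '-o...' can never be smuggled in as a client option either."""
    m = _URI_RE.match(uri)
    if m is None:
        raise ValueError(f"rejected URI: {uri!r}")
    scheme, host = m["scheme"], m["host"]
    if host.startswith("["):
        ipaddress.IPv6Address(host[1:-1])  # AddressValueError (a ValueError) on garbage
    port = int(m["port"]) if m["port"] else DEFAULT_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    channel = m["channel"]
    if channel is not None and channel.startswith("%23"):
        channel = "#" + channel[3:]
    return scheme, host, port, channel


def safe_handler(uri: str) -> List[str]:
    """Hardened: validate first, then build an argv list.  Execute it with
    subprocess.run(argv) (never shell=True) so no shell ever parses the URI."""
    scheme, host, port, channel = parse_irc_uri(uri)
    argv = [CLIENT, "--server", host, "--port", str(port)]
    if scheme == "irc6":
        argv.append("--ipv6")
    if channel is not None:
        argv += ["--join", channel]
    return argv


def is_accepted(uri: str) -> bool:
    """True if the hardened handler would dispatch this URI at all."""
    try:
        safe_handler(uri)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    evil = "irc://example.org/;echo INJECTED"  # constructed malicious URI
    print(unsafe_handler(evil))  # the second output line is the injected command running
    print(safe_handler("irc6://[::1]:6667/%23debian"))
    print(is_accepted(evil))
```

The two defences are independent and both matter: the allowlist grammar rejects the injected `;echo ...` outright, and the argv-based launch means that even a URI that passes validation is handed to the client as inert arguments rather than re-parsed by `/bin/sh`.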



Reply sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
You have taken responsibility.


Notification sent to Edgar Ibsen <edgaribsen2@yahoo.com>:
Bug acknowledged by developer.


Message #10 received at 434419-done@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 434419-done@bugs.debian.org
Subject: vulnerable code not present anymore
Date: Mon, 13 Aug 2007 19:55:31 +1000
Hi

I checked the code and the function in question is no longer present in the stable/testing/unstable versions of kvirc. Therefore, I mark this bug as done.

Cheers
Steffen

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 11 Sep 2007 07:27:06 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:44:52 2019; Machine Name: buxtehude
