Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack. For the stable distribution (lenny), these problems have been fixed in version 3.4.0-5. For the unstable distribution (sid), these problems have been fixed in version 4.0.0~svn4340+rc3-1. We recommend that you upgrade your kvirc packages.
Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack.
For the stable distribution (lenny), these problems have been fixed in version 3.4.0-5.
For the unstable distribution (sid), these problems have been fixed in version 4.0.0~svn4340+rc3-1.
We recommend that you upgrade your kvirc packages.
MD5 checksums of the listed files are available in the original advisory.