CVE-2010-2451, CVE-2010-2452 Multiple vulnerabilities in DCC
Bug #601702 reported by
Andreas Wenning
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kvirc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jaunty |
Fix Released
|
Medium
|
Unassigned | ||
Karmic |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: kvirc
From the Debian advisory http://
Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack.
Already fixed in 4.0.0~rc3 in maverick.
visibility: | private → public |
Changed in kvirc (Ubuntu Maverick): | |
status: | New → Fix Released |
Changed in kvirc (Ubuntu Lucid): | |
status: | New → In Progress |
Changed in kvirc (Ubuntu Karmic): | |
status: | New → In Progress |
Changed in kvirc (Ubuntu Jaunty): | |
status: | New → In Progress |
To post a comment you must log in.
Patches prepared for lucid, karmic and jaunty. All have been tested in a chroot of the release to which they are prepared for.
Debdiff for lucid