diff -Nru kvirc-4.0.0~svn3900+rc2/debian/changelog kvirc-4.0.0~svn3900+rc2/debian/changelog
--- kvirc-4.0.0~svn3900+rc2/debian/changelog 2010-01-28 17:15:19.000000000 +0100
+++ kvirc-4.0.0~svn3900+rc2/debian/changelog 2010-07-05 00:42:55.000000000 +0200
@@ -1,3 +1,18 @@
+kvirc (4:4.0.0~svn3900+rc2-1ubuntu0.1) lucid-security; urgency=low
+
+ * SECURITY UPDATE: Two security issues have been discovered in the DCC
+ protocol support code of kvirc, a KDE-based next generation IRC client,
+ which allow the overwriting of local files through directory traversal
+ and the execution of arbitrary code through a format string attack.
+ - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
+ - Patch based on upstream SVN revision 4317.
+ - CVE-2010-2451, CVE-2010-2452:
+ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
+ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
+ - LP: #601702
+
+ -- Andreas Wenning Mon, 05 Jul 2010 00:42:47 +0200
+
 kvirc (4:4.0.0~svn3900+rc2-1) unstable; urgency=low
 
 The »Vampire Nighthawk« release.
diff -Nru kvirc-4.0.0~svn3900+rc2/debian/control kvirc-4.0.0~svn3900+rc2/debian/control
--- kvirc-4.0.0~svn3900+rc2/debian/control 2010-01-28 17:15:19.000000000 +0100
+++ kvirc-4.0.0~svn3900+rc2/debian/control 2010-07-05 00:29:13.000000000 +0200
@@ -4,7 +4,8 @@
 libqt4-dev (>= 4.5.0), libcrypto++-dev, pkg-config, libxss-dev
 Section: net
 Priority: optional
-Maintainer: Debian KDE Extras Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian KDE Extras Team
 Uploaders: Raúl Sánchez Siles ,
 Kai Wasserbäch ,
 Mark Purcell
diff -Nru kvirc-4.0.0~svn3900+rc2/debian/patches/kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch kvirc-4.0.0~svn3900+rc2/debian/patches/kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
--- kvirc-4.0.0~svn3900+rc2/debian/patches/kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch 1970-01-01 01:00:00.000000000 +0100
+++ kvirc-4.0.0~svn3900+rc2/debian/patches/kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch 2010-07-05 02:36:54.000000000 +0200
@@ -0,0 +1,496 @@ +Index: b/src/kvilib/ext/kvi_osinfo.cpp +=================================================================== +--- a/src/kvilib/ext/kvi_osinfo.cpp 2010-07-05 00:18:59.551975634 +0200 ++++ b/src/kvilib/ext/kvi_osinfo.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -353,14 +353,14 @@ + szVersion+= QString("Service Pack 6a (Build %1)").arg( osvi.dwBuildNumber & 0xFFFF ); + else // Windows NT 4.0 prior to SP6a + { +- szVersion+= QString( "%1 (Build %2)").arg( osvi.szCSDVersion).arg( osvi.dwBuildNumber & 0xFFFF); ++ szVersion+= QString( "%1 (Build %2)").arg( osvi.szCSDVersion, osvi.dwBuildNumber & 0xFFFF); + } + + RegCloseKey( hKey ); + } + else // not Windows NT 4.0 + { +- szVersion+= QString( "%1 (Build %2)").arg( osvi.szCSDVersion).arg( osvi.dwBuildNumber & 0xFFFF); ++ szVersion+= QString( "%1 (Build %2)").arg( osvi.szCSDVersion, osvi.dwBuildNumber & 0xFFFF); + } + + break; +Index: b/src/kvilib/tal/kvi_tal_wizard.cpp +=================================================================== +--- a/src/kvilib/tal/kvi_tal_wizard.cpp 2010-07-05 00:18:59.541980019 +0200 ++++ b/src/kvilib/tal/kvi_tal_wizard.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -357,7 +357,7 @@ + szSteps = "["; +- szSteps += QString("Step %1 of %2").arg(pData->iVisibleIndex).arg(m_p->iEnabledPageCount); ++ szSteps += QString("Step %1 of %2").arg(pData->iVisibleIndex, m_p->iEnabledPageCount); + szSteps += "]"; + } + +Index: b/src/modules/dcc/chat.cpp +=================================================================== +--- a/src/modules/dcc/chat.cpp 2010-07-05 00:18:59.481977213 +0200 ++++ b/src/modules/dcc/chat.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -222,7 +222,7 @@ + struct in_addr a; + if(KviNetUtils::stringIpToBinaryIp(ip.ptr(),&a))ip.setNum(htonl(a.s_addr)); + +- QString szReq = QString("PRIVMSG %1 :%2DCC %3 chat %4 %5").arg(m_pDescriptor->szNick).arg((char)0x01).arg(m_pDescriptor->szType).arg(ip.ptr()).arg(port); ++ QString szReq = QString("PRIVMSG %1 :%2DCC %3 chat %4 
%5").arg(m_pDescriptor->szNick, QChar(0x01), m_pDescriptor->szType, ip.ptr(), port); + + if(m_pDescriptor->isZeroPortRequest()) + { +@@ -271,11 +271,11 @@ + { + QString tmp = QString("DCC %1 %2@%3:%4").arg( + #ifdef COMPILE_SSL_SUPPORT +- m_pDescriptor->bIsSSL ? "SChat" : "Chat").arg( ++ m_pDescriptor->bIsSSL ? "SChat" : "Chat", + #else +- "Chat").arg( ++ "Chat", + #endif +- m_pDescriptor->szNick).arg(m_pDescriptor->szIp).arg(m_pDescriptor->szPort); ++ m_pDescriptor->szNick, m_pDescriptor->szIp, m_pDescriptor->szPort); + + m_szPlainTextCaption = tmp; + } +Index: b/src/modules/dcc/requests.cpp +=================================================================== +--- a/src/modules/dcc/requests.cpp 2010-07-05 00:18:59.501976612 +0200 ++++ b/src/modules/dcc/requests.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -85,7 +85,7 @@ + + if(KVI_OPTION_BOOL(KviOption_boolNotifyFailedDccHandshakes)) + { +- QString szError = QString("Sorry, your DCC %1 request can't be satisfied: %2").arg(dcc->szType.ptr()).arg(errText); ++ QString szError = QString("Sorry, your DCC %1 request can't be satisfied: %2").arg(dcc->szType.ptr(), errText); + dcc_module_reply_errmsg(dcc,szError); + } + } +@@ -464,6 +464,16 @@ + dcc->szParam1.cutToLast('/'); + } + ++ if(dcc->szParam1.contains("%2F")) ++ { ++ if(!dcc->ctcpMsg->msg->haltOutput()) ++ { ++ dcc->ctcpMsg->msg->console()->output(KVI_OUT_DCCMSG, ++ __tr2qs_ctx("The above request is broken: The filename contains path components, stripping the leading path and trying to continue","dcc"),dcc->szParam1.ptr()); ++ } ++ dcc->szParam1.cutToLast("%2F"); ++ } ++ + KviStr szExtensions = dcc->szType; + szExtensions.cutRight(4); // cut off SEND + +Index: b/src/modules/dcc/broker.cpp +=================================================================== +--- a/src/modules/dcc/broker.cpp 2010-07-05 00:18:59.491980649 +0200 ++++ b/src/modules/dcc/broker.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -275,7 +275,7 @@ + QString tmp = __tr2qs_ctx( \ + "%1 [%2@%3] 
requests a " \ + "Direct Client Connection in %4 mode.
", \ +- "dcc").arg(dcc->szNick).arg(dcc->szUser).arg(dcc->szHost).arg(dcc->szType); ++ "dcc").arg(dcc->szNick, dcc->szUser, dcc->szHost, dcc->szType); + + #ifdef COMPILE_SSL_SUPPORT + if(dcc->bIsSSL)tmp += __tr2qs_ctx("The connection will be secured using SSL.
","dcc"); +@@ -289,7 +289,7 @@ + } else { + tmp += __tr2qs_ctx( \ + "The connection target will be host %1 on port %2
" \ +- ,"dcc").arg(dcc->szIp).arg(dcc->szPort); ++ ,"dcc").arg(dcc->szIp, dcc->szPort); + } + + +@@ -322,7 +322,7 @@ + KviStr szSubProto = dcc->szType; + szSubProto.toLower(); + +- QString tmp = QString("dcc: %1 %2@%3:%4").arg(szSubProto.ptr()).arg(dcc->szNick).arg(dcc->szIp).arg(dcc->szPort); ++ QString tmp = QString("dcc: %1 %2@%3:%4").arg(szSubProto.ptr(), dcc->szNick, dcc->szIp, dcc->szPort); + KviDccChat * chat = new KviDccChat(dcc->console()->frame(),dcc,tmp.toUtf8().data()); + + bool bMinimized = dcc->bOverrideMinimize ? dcc->bShowMinimized : \ +@@ -348,7 +348,7 @@ + "Direct Client Connection in VOICE mode.
" \ + "The connection target will be host %4 on port %5
" \ + ,"dcc" \ +- ).arg(dcc->szNick).arg(dcc->szUser).arg(dcc->szHost).arg(dcc->szIp).arg(dcc->szPort); ++ ).arg(dcc->szNick, dcc->szUser, dcc->szHost, dcc->szIp, dcc->szPort); + + KviDccAcceptBox * box = new KviDccAcceptBox(this,dcc,tmp,__tr2qs_ctx("DCC VOICE request","dcc")); + m_pBoxList->append(box); +@@ -418,7 +418,7 @@ + "Direct Client Connection in VIDEO mode.
" \ + "The connection target will be host %4 on port %5
" \ + ,"dcc" \ +- ).arg(dcc->szNick).arg(dcc->szUser).arg(dcc->szHost).arg(dcc->szIp).arg(dcc->szPort); ++ ).arg(dcc->szNick, dcc->szUser, dcc->szHost, dcc->szIp, dcc->szPort); + + KviDccAcceptBox * box = new KviDccAcceptBox(this,dcc,tmp,__tr2qs_ctx("DCC VIDEO request","dcc")); + m_pBoxList->append(box); +@@ -494,7 +494,7 @@ + "Direct Client Connection in CANVAS mode.
" \ + "The connection target will be host %4 on port %5
" \ + ,"dcc" \ +- ).arg(dcc->szNick).arg(dcc->szUser).arg(dcc->szHost).arg(dcc->szIp).arg(dcc->szPort); ++ ).arg(dcc->szNick, dcc->szUser, dcc->szHost, dcc->szIp, dcc->szPort); + + KviDccAcceptBox * box = new KviDccAcceptBox(this,dcc,tmp,__tr2qs_ctx("DCC CANVAS request","dcc")); + m_pBoxList->append(box); +@@ -588,9 +588,9 @@ + "%5 large.
" \ + "The connection target will be host %6 on port %7
" \ + ,"dcc" \ +- ).arg(dcc->szNick).arg(dcc->szUser).arg(dcc->szHost).arg( +- dcc->szFileName).arg(KviQString::makeSizeReadable(dcc->szFileSize.toULongLong())).arg( +- dcc->szIp).arg(dcc->szPort); ++ ).arg(dcc->szNick, dcc->szUser, dcc->szHost, dcc->szFileName, ++ KviQString::makeSizeReadable(dcc->szFileSize.toULongLong()), ++ dcc->szIp, dcc->szPort); + + } else { + // passive: we will be listening! +@@ -601,8 +601,8 @@ + "%5 large.
" \ + "You will be the passive side of the connection.
" \ + ,"dcc" \ +- ).arg(dcc->szNick).arg(dcc->szUser).arg(dcc->szHost).arg( +- dcc->szFileName).arg(KviQString::makeSizeReadable(dcc->szFileSize.toULongLong())); ++ ).arg(dcc->szNick, dcc->szUser, dcc->szHost, dcc->szFileName, ++ KviQString::makeSizeReadable(dcc->szFileSize.toULongLong())); + } + + if(dcc->bIsIncomingAvatar) +@@ -756,7 +756,7 @@ + "auto-rename the new file, or
" \ + "resume an incomplete download?" \ + ,"dcc" \ +- ).arg(dcc->szLocalFileName).arg(KviQString::makeSizeReadable(fi.size())); ++ ).arg(dcc->szLocalFileName, KviQString::makeSizeReadable(fi.size())); + } else { + bDisableResume = true; + // the file on disk is larger or equal to the remote one +Index: b/src/modules/dcc/send.cpp +=================================================================== +--- a/src/modules/dcc/send.cpp 2010-07-05 00:18:59.521976080 +0200 ++++ b/src/modules/dcc/send.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -1256,14 +1256,14 @@ + if(iW2 > 0)p->fillRect(rect.left() + 5 + iL2,rect.top() + 5,iW2,10,bIsTerminated ? QColor(150,130,110) : QColor(220,170,100)); + p->fillRect(rect.left() + 5,rect.top() + 5,iL2,10,bIsTerminated ? QColor(140,110,110) : QColor(200,100,100)); + +- txt = QString(__tr2qs_ctx("%1 of %2 (%3%)","dcc")).arg(KviQString::makeSizeReadable(uAckedBytes)).arg(KviQString::makeSizeReadable(m_uTotalFileSize)).arg(dPerc2,0,'f',2); ++ txt = QString(__tr2qs_ctx("%1 of %2 (%3%)","dcc")).arg(KviQString::makeSizeReadable(uAckedBytes), KviQString::makeSizeReadable(m_uTotalFileSize)).arg(dPerc2,0,'f',2); + } else { + // we are receiving a file or not sending acks + double dPerc = (double)(((double)uTransferred) * 100.0) / (double)m_uTotalFileSize; + int iL = (int) ((((double)iW) * dPerc) / 100.0); + p->fillRect(rect.left() + 5,rect.top() + 5,iL,10,bIsTerminated ? QColor(140,110,110) : QColor(200,100,100)); + +- txt = QString(__tr2qs_ctx("%1 of %2 (%3%)","dcc")).arg(KviQString::makeSizeReadable(uTransferred)).arg(KviQString::makeSizeReadable(m_uTotalFileSize)).arg(dPerc,0,'f',2); ++ txt = QString(__tr2qs_ctx("%1 of %2 (%3%)","dcc")).arg(KviQString::makeSizeReadable(uTransferred), KviQString::makeSizeReadable(m_uTotalFileSize)).arg(dPerc,0,'f',2); + } + + } else { +@@ -1353,7 +1353,7 @@ + { + QString s; + +- s = QString("").arg(m_szDccType.ptr()).arg(id()); ++ s = QString("
DCC %1 (ID %2)
").arg(m_szDccType.ptr(), id()); + + s += "" \ + "" \ + "
DCC %1 (ID %2)
"; + s += __tr2qs_ctx("Transfer Log","dcc"); +@@ -1485,14 +1485,14 @@ + // if(TRIGGER_EVENT_5PARAM_RETVALUE(KviEvent_OnDCCSendConnected,this,m_pDescriptor->szPort.ptr(),m_pDescriptor->szFileName.ptr(),m_pDescriptor->szNick.ptr(),m_pDescriptor->szUser.ptr(),m_pDescriptor->szHost.ptr())); + // } + // +- m_szStatusString = __tr2qs_ctx("Contacting host %1 on port %2","dcc").arg(m_pDescriptor->szIp).arg(m_pDescriptor->szPort); ++ m_szStatusString = __tr2qs_ctx("Contacting host %1 on port %2","dcc").arg(m_pDescriptor->szIp, m_pDescriptor->szPort); + outputAndLog(m_szStatusString); + displayUpdate(); + return; + } + + // PASSIVE CONNECTION +- m_szStatusString = __tr2qs_ctx("Listening on interface %1 port %2","dcc").arg(m_pMarshal->localIp()).arg(m_pMarshal->localPort()); ++ m_szStatusString = __tr2qs_ctx("Listening on interface %1 port %2","dcc").arg(m_pMarshal->localIp(), m_pMarshal->localPort()); + outputAndLog(m_szStatusString); + + if(m_pDescriptor->bSendRequest) +@@ -1566,7 +1566,7 @@ + ip.toUtf8().data(),port.ptr(), + &(m_pDescriptor->szLocalFileSize),0x01); + } +- outputAndLog(__tr2qs_ctx("Sent DCC %1 request to %2, waiting for remote client to connect...","dcc").arg(szReq.ptr()).arg(m_pDescriptor->szNick)); ++ outputAndLog(__tr2qs_ctx("Sent DCC %1 request to %2, waiting for remote client to connect...","dcc").arg(szReq.ptr(), m_pDescriptor->szNick)); + } else { + outputAndLog(__tr2qs_ctx("DCC %1 request not sent, awaiting manual connection","dcc").arg(m_szDccType.ptr())); + } +@@ -1693,8 +1693,8 @@ + + void KviDccFileTransfer::connected() + { +- outputAndLog(__tr2qs_ctx("Connected to %1:%2","dcc").arg(m_pMarshal->remoteIp()).arg(m_pMarshal->remotePort())); +- outputAndLog(__tr2qs_ctx("Local end is %1:%2","dcc").arg(m_pMarshal->localIp()).arg(m_pMarshal->localPort())); ++ outputAndLog(__tr2qs_ctx("Connected to %1:%2","dcc").arg(m_pMarshal->remoteIp(), m_pMarshal->remotePort())); ++ outputAndLog(__tr2qs_ctx("Local end is %1:%2","dcc").arg(m_pMarshal->localIp(), 
m_pMarshal->localPort())); + + m_tTransferStartTime = kvi_unixTime(); + +@@ -1774,7 +1774,7 @@ + + if(ret != KviError_success)handleMarshalError(ret); + else { +- m_szStatusString = __tr2qs_ctx("Contacting host %1 on port %2","dcc").arg(m_pDescriptor->szIp).arg(m_pDescriptor->szPort); ++ m_szStatusString = __tr2qs_ctx("Contacting host %1 on port %2","dcc").arg(m_pDescriptor->szIp, m_pDescriptor->szPort); + outputAndLog(m_szStatusString); + displayUpdate(); + } +Index: b/src/modules/options/optw_servers.cpp +=================================================================== +--- a/src/modules/options/optw_servers.cpp 2010-07-05 00:18:59.451978638 +0200 ++++ b/src/modules/options/optw_servers.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -767,7 +767,7 @@ + KviPointerList * proxylist = g_pProxyDataBase->proxyList(); + for(KviProxy * p = proxylist->first();p;p = proxylist->next()) + { +- m_pProxyEditor->insertItem(m_pProxyEditor->count(),QString("%1:%2").arg(p->hostname()).arg(p->port())); ++ m_pProxyEditor->insertItem(m_pProxyEditor->count(),QString("%1:%2").arg(p->hostname(), p->port())); + } + if(m_pProxyEditor->count() > (s->proxy()+2)) + m_pProxyEditor->setCurrentIndex(s->proxy()+2); +Index: b/src/modules/options/dialog.cpp +=================================================================== +--- a/src/modules/options/dialog.cpp 2010-07-05 00:18:59.471976431 +0200 ++++ b/src/modules/options/dialog.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -158,7 +158,7 @@ + "
" +- ).arg(szDialogTitle).arg(szDialog).arg(szInfoTips).arg(szOkCancelButtons); ++ ).arg(szDialogTitle, szDialog, szInfoTips, szOkCancelButtons); + + QString szCaption = szDialogTitle + " - KVIrc"; + setWindowTitle(szCaption); +Index: b/src/modules/options/optw_channel.cpp +=================================================================== +--- a/src/modules/options/optw_channel.cpp 2010-07-05 00:18:59.462001071 +0200 ++++ b/src/modules/options/optw_channel.cpp 2010-07-05 00:19:04.691976671 +0200 +@@ -112,7 +112,7 @@ + + hostmask.mask(tmp1,(KviIrcMask::MaskType)i); + ipmask.mask(tmp2,(KviIrcMask::MaskType)i); +- m_pBanTypeCombo->insertItem(m_pBanTypeCombo->count(),QString("%1 (%2)").arg(tmp1).arg(tmp2)); ++ m_pBanTypeCombo->insertItem(m_pBanTypeCombo->count(),QString("%1 (%2)").arg(tmp1, tmp2)); + } + m_pBanTypeCombo->setCurrentIndex(KVI_OPTION_UINT(KviOption_uintDefaultBanType)); + +Index: b/src/modules/http/httpfiletransfer.cpp +=================================================================== +--- a/src/modules/http/httpfiletransfer.cpp 2010-07-05 00:18:59.531976583 +0200 ++++ b/src/modules/http/httpfiletransfer.cpp 2010-07-05 02:36:45.743228089 +0200 +@@ -208,8 +208,8 @@ + //iR = iW - iL; + p->fillRect(rect.left() + 5, rect.top() + 5,iL,10,bIsTerminated ? 
QColor(140,110,110) : QColor(200,100,100)); + +- txt = QString(__tr2qs_ctx("%1 of %2 (%3 %)","http")).arg(KviQString::makeSizeReadable(uRecvd)) +- .arg(KviQString::makeSizeReadable(uTotal)).arg(dPerc,0,'f',2); ++ txt = QString(__tr2qs_ctx("%1 of %2 (%3 %)","http")).arg(KviQString::makeSizeReadable(uRecvd), ++ KviQString::makeSizeReadable(uTotal)).arg(dPerc,0,'f',2); + } else { + txt = KviQString::makeSizeReadable(m_pHttpRequest->receivedSize()); + } +@@ -262,7 +262,7 @@ + txt = "TOT: "; + if(uD > 0)txt += QString(__tr2qs_ctx("%1d %2h %3m %4s","http")).arg(uD).arg(uH).arg(uM).arg(uS); + else if(uH > 0)txt += QString(__tr2qs_ctx("%2h %3m %4s","http")).arg(uH).arg(uM).arg(uS); +- else txt += QString(__tr2qs_ctx("%3m %4s","http")).arg(uM).arg(uS); ++ else txt += QString(__tr2qs_ctx("%3m %4s","http")).arg(uM, uS); + } else { + if(iEta >= 0) + { +@@ -270,7 +270,7 @@ + txt = "ETA: "; + if(uD > 0)txt += QString(__tr2qs_ctx("%1d %2h %3m %4s","http")).arg(uD).arg(uH).arg(uM).arg(uS); + else if(uH > 0)txt += QString(__tr2qs_ctx("%2h %3m %4s","http")).arg(uH).arg(uM).arg(uS); +- else txt += QString(__tr2qs_ctx("%3m %4s","http")).arg(uM).arg(uS); ++ else txt += QString(__tr2qs_ctx("%3m %4s","http")).arg(uM, uS); + } else { + txt = "ETA: Unknown"; + } +Index: b/src/modules/url/libkviurl.cpp +=================================================================== +--- a/src/modules/url/libkviurl.cpp 2010-07-05 00:18:59.441980580 +0200 ++++ b/src/modules/url/libkviurl.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -344,7 +344,7 @@ + void UrlDialog::sayToWin(QAction * act) + { + KviWindow *wnd = g_pApp->findWindowByCaption(act->text()); +- QString say=QString("PRIVMSG %1 %2").arg(wnd->windowName()).arg(m_szUrl); ++ QString say=QString("PRIVMSG %1 %2").arg(wnd->windowName(), m_szUrl); + if(wnd) + { + KviKvsScript::run(say,wnd); +Index: b/src/modules/addon/packaddondialog.cpp +=================================================================== +--- a/src/modules/addon/packaddondialog.cpp 
2010-07-05 00:18:59.531976583 +0200 ++++ b/src/modules/addon/packaddondialog.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -195,15 +195,11 @@ + // Start creating install.kvs: header + QString szTmp; + szTmp += QString("# This file is generated automatically. Do NOT touch unless you know what are you doing\n#\n"); +- szTmp += QString("# %1 %2\n# Written by %3\n# %4\n\n").arg(m_szName) \ +- .arg(m_szVersion).arg(m_szAuthor).arg(m_szDescription); ++ szTmp += QString("# %1 %2\n# Written by %3\n# %4\n\n").arg(m_szName, m_szVersion, m_szAuthor, m_szDescription); + szTmp += "# Register the script: this must be the first instruction executed\n# since it will abort with an error when a greater version is already installed\n"; + + // install.kvs: addon registration +- szTmp += QString("addon.register(\"%1\",\"%2\",\"%1\",\"%3\",\"%4\",\"%5\")\n") \ +- .arg(m_szName).arg(m_szVersion) \ +- .arg(m_szDescription).arg(m_szMinVersion) \ +- .arg(m_szIcon); ++ szTmp += QString("addon.register(\"%1\",\"%2\",\"%1\",\"%3\",\"%4\",\"%5\")\n").arg(m_szName, m_szVersion, m_szDescription, m_szMinVersion, m_szIcon); + szTmp += "{\n\t# This is our uninstall callback: it will be called by KVIrc when addon.uninstall is invoked\n\t"; + szTmp += QString("%1::uninstall::uninstall\n}\n\n").arg(m_szName); + szTmp += "# Ok, addon.register succeeded. 
We can go on with the installation.\n\n"; +Index: b/src/kvirc/sparser/kvi_sp_ctcp.cpp +=================================================================== +--- a/src/kvirc/sparser/kvi_sp_ctcp.cpp 2010-07-05 00:18:59.641976598 +0200 ++++ b/src/kvirc/sparser/kvi_sp_ctcp.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -1154,9 +1154,9 @@ + #if defined(COMPILE_ON_WINDOWS) || defined(COMPILE_ON_MINGW) + szVersion.append(QString(" - %1").arg(KviOsInfo::version())); + #else +- szVersion.append(QString(" - %1 (%2)").arg(KviOsInfo::name()).arg(KviOsInfo::release())); ++ szVersion.append(QString(" - %1 (%2)").arg(KviOsInfo::name(), KviOsInfo::release())); + #endif +- //szVersion.append(QString(" - QT Version: %1 - %2").arg(qVersion()).arg(__tr2qs("http://www.kvirc.net/"))); ++ //szVersion.append(QString(" - QT Version: %1 - %2").arg(qVersion(), __tr2qs("http://www.kvirc.net/"))); + if(!KVI_OPTION_STRING(KviOption_stringCtcpVersionPostfix).isEmpty()) + { + QString sz = KVI_OPTION_STRING(KviOption_stringCtcpVersionPostfix); +Index: b/src/kvirc/kernel/kvi_ircurl.cpp +=================================================================== +--- a/src/kvirc/kernel/kvi_ircurl.cpp 2010-07-05 00:18:59.631979588 +0200 ++++ b/src/kvirc/kernel/kvi_ircurl.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -311,7 +311,7 @@ + szCommand.append(szJoinCommand); + szCommand.append("\" "); + } +- szCommand.append(QString("%1 %2 ").arg(parts.szHost).arg(parts.iPort)); ++ szCommand.append(QString("%1 %2 ").arg(parts.szHost, parts.iPort)); + + if(pConsole->connection()) { + KviServer* server = pConsole->connection()->target()->server(); +Index: b/src/kvirc/ui/kvi_userlistview.cpp +=================================================================== +--- a/src/kvirc/ui/kvi_userlistview.cpp 2010-07-05 00:18:59.621976082 +0200 ++++ b/src/kvirc/ui/kvi_userlistview.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -1603,7 +1603,7 @@ + int iHours = iMins / 60; + iMins = iMins % 60; + szBuffer += ""; +- szBuffer += 
__tr2qs("Quiet for %1h %2m %3s").arg(iHours).arg(iMins).arg(iSecs); ++ szBuffer += __tr2qs("Quiet for %1h %2m %3s").arg(iHours, iMins, iSecs); + szBuffer += ""; + } + szBuffer += ""; +Index: b/src/kvirc/ui/kvi_query.cpp +=================================================================== +--- a/src/kvirc/ui/kvi_query.cpp 2010-07-05 00:18:59.591976458 +0200 ++++ b/src/kvirc/ui/kvi_query.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -173,9 +173,9 @@ + szText += ""; + + if(e->hasRealName()) +- szTmp = __tr2qs("%1 is %2 (%3)").arg(m_szName).arg(szMask).arg(KviMircCntrl::stripControlBytes(e->realName())); ++ szTmp = __tr2qs("%1 is %2 (%3)").arg(m_szName, szMask, KviMircCntrl::stripControlBytes(e->realName())); + else +- szTmp = __tr2qs("%1 is %2").arg(m_szName).arg(szMask); ++ szTmp = __tr2qs("%1 is %2").arg(m_szName, szMask); + + szTmp.replace('&',"&"); + szTmp.replace('<',"<"); +@@ -189,9 +189,9 @@ + { + szText += ""; + if(e->hasHops()) +- szText += __tr2qs("%1 is using irc server: %2 (%3 hops)").arg(m_szName).arg(e->server()).arg(e->hops()); ++ szText += __tr2qs("%1 is using irc server: %2 (%3 hops)").arg(m_szName, e->server()).arg(e->hops()); + else +- szText += __tr2qs("%1 is using irc server: %2").arg(m_szName).arg(e->server()); ++ szText += __tr2qs("%1 is using irc server: %2").arg(m_szName, e->server()); + szText += ""; + } + +@@ -203,7 +203,7 @@ + } + + szText += ""; +- szTmp = __tr2qs("Common channels with %1: %2").arg(m_szName).arg(szChans); ++ szTmp = __tr2qs("Common channels with %1: %2").arg(m_szName, szChans); + + szTmp.replace('&',"&"); + szTmp.replace('<',"<"); +@@ -246,9 +246,9 @@ + szMask += "*"; + + if(e->hasRealName()) +- szTmp = __tr2qs("Query with %1!%2 (%3)").arg(m_szName).arg(szMask).arg(KviMircCntrl::stripControlBytes(e->realName())); ++ szTmp = __tr2qs("Query with %1!%2 (%3)").arg(m_szName, szMask, KviMircCntrl::stripControlBytes(e->realName())); + else +- szTmp = __tr2qs("Query with %1!%2").arg(m_szName).arg(szMask); ++ szTmp = __tr2qs("Query 
with %1!%2").arg(m_szName, szMask); + + if(e->hasServer()) + szTmp += __tr2qs(", using server %1").arg(e->server()); +Index: b/src/kvirc/ui/kvi_console.cpp +=================================================================== +--- a/src/kvirc/ui/kvi_console.cpp 2010-07-05 00:18:59.601976542 +0200 ++++ b/src/kvirc/ui/kvi_console.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -305,7 +305,7 @@ + + if(e->avatar()) + { +- buffer += QString("
").arg(e->avatar()->localPath()).arg(e->avatar()->size().width()); ++ buffer += QString("
").arg(e->avatar()->localPath(), e->avatar()->size().width()); + } + + if(e->hasRealName()) +Index: b/src/kvirc/ui/kvi_window.cpp +=================================================================== +--- a/src/kvirc/ui/kvi_window.cpp 2010-07-05 00:18:59.581976933 +0200 ++++ b/src/kvirc/ui/kvi_window.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -1356,7 +1356,7 @@ + { + *it=QString("\r!c\r%1\r").arg(*it); + } else { +- *it=QString("\r!c%1\r%2\r").arg(tmp).arg(*it); ++ *it=QString("\r!c%1\r%2\r").arg(tmp, *it); + } + } + } +Index: b/src/kvirc/ui/kvi_channel.cpp +=================================================================== +--- a/src/kvirc/ui/kvi_channel.cpp 2010-07-05 00:18:59.611979210 +0200 ++++ b/src/kvirc/ui/kvi_channel.cpp 2010-07-05 00:19:04.701976825 +0200 +@@ -1734,7 +1734,7 @@ + if((*it) == szTmp) + *it = QString("\r!c\r%1\r").arg(*it); + else +- *it = QString("\r!c%1\r%2\r").arg(szTmp).arg(*it); ++ *it = QString("\r!c%1\r%2\r").arg(szTmp, *it); + } + } + } diff -Nru kvirc-4.0.0~svn3900+rc2/debian/patches/series kvirc-4.0.0~svn3900+rc2/debian/patches/series --- kvirc-4.0.0~svn3900+rc2/debian/patches/series 2010-01-28 17:15:19.000000000 +0100 +++ kvirc-4.0.0~svn3900+rc2/debian/patches/series 2010-07-05 00:14:40.000000000 +0200 @@ -2,3 +2,4 @@ 10_fix_desktop_entry.patch 20_rm_python_stub.patch 30_r3902_update_motd.patch +kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
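Review bot: The conversion to multi-argument `.arg()` is applied to numeric arguments as well, but QString's multi-argument overloads take only `QString`s, so `.arg(iHours, iMins, iSecs)` in kvi_userlistview.cpp binds to `arg(int a, int fieldWidth, int base)` and leaves `%2` and `%3` in the output. The same shape appears in `.arg(parts.szHost, parts.iPort)`, `.arg(uM, uS)`, `.arg(e->avatar()->localPath(), e->avatar()->size().width())` and the osinfo and wizard lines, where the second value would presumably be taken as a field width rather than substituted (the argument types are declared outside the hunks, so confirm each one). Numbers should be converted first, e.g. `.arg(QString::number(iHours), QString::number(iMins), QString::number(iSecs))`, or kept as a separate chained `.arg(n)` as the patch already does for `dPerc`. Separately, the new check in requests.cpp matches only the literal `"%2F"`; if the file name is percent-decoded further down, a lower-case `%2f` is not stripped, so the test should be case-insensitive or run on the decoded name.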