Your message dated Fri, 21 Jan 2005 16:47:04 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#291503: fixed in konversation 0.15-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Fri, 21 Jan 2005 08:09:03 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation

Package: konversation
Version: 0.15-2
Severity: grave
Tags: security sarge sid

These problems have been discovered by Wouter Coekaerts in the konversation IRC client.
Affected are version 0.15, CVS until 18-19/01/2005, and some older versions too. They are fixed in 0.15.1.

When you fix these problems, please mention the corresponding CVE id in the changelog.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129
Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0130
Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0131
Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.

Regards,

	Joey

--
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.
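
The recursive "%" expansion described for CAN-2005-0129, as an added example that is not part of the original report and is not Konversation's code: a placeholder expander written both ways, showing why substituted values must never be rescanned. The placeholder letters, the button definition and the sample values are assumptions constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>

using Vars = std::map<char, std::string>;

// Single left-to-right pass over the template. Substituted values are copied
// to the output verbatim and never scanned for further placeholders.
std::string expand_once(const std::string& tmpl, const Vars& vars) {
    std::string out;
    for (std::size_t i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] == '%' && i + 1 < tmpl.size()) {
            auto it = vars.find(tmpl[i + 1]);
            if (it != vars.end()) {
                out += it->second;
                ++i;  // skip the placeholder letter
                continue;
            }
        }
        out += tmpl[i];
    }
    return out;
}

// Flawed pattern: re-expand the result until it stops changing, so a
// placeholder carried inside a value is treated as part of the template.
std::string expand_recursive(const std::string& tmpl, const Vars& vars) {
    std::string cur = tmpl;
    for (int pass = 0; pass < 8; ++pass) {  // bounded: a self-referencing value cannot loop forever
        std::string next = expand_once(cur, vars);
        if (next == cur) break;
        cur = next;
    }
    return cur;
}

// Constructed sample: 'c' is the channel name (chosen by the remote side),
// 'o' is the local user's own nick. Both letters are assumptions.
Vars sample_vars() {
    return {{'c', "#chat%o"}, {'o', "alice"}};
}

int main() {
    const std::string button = "/part %c";  // hypothetical quick-button definition
    std::cout << "recursive:   " << expand_recursive(button, sample_vars()) << "\n";
    std::cout << "single pass: " << expand_once(button, sample_vars()) << "\n";
}
```

With the single-pass expander the "%o" inside the channel name stays literal text; with the recursive one it is expanded as if the local user had typed it into the button definition.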
---------------------------------------
From: [EMAIL PROTECTED] (Nathaniel W. Turner)
To: [EMAIL PROTECTED]
Subject: Bug#291503: fixed in konversation 0.15-3
Date: Fri, 21 Jan 2005 16:47:04 -0500

Source: konversation
Source-Version: 0.15-3

We believe that the bug you reported is fixed in the latest version of konversation, which is due to be installed in the Debian FTP archive:

konversation_0.15-3.diff.gz
  to pool/main/k/konversation/konversation_0.15-3.diff.gz
konversation_0.15-3.dsc
  to pool/main/k/konversation/konversation_0.15-3.dsc
konversation_0.15-3_i386.deb
  to pool/main/k/konversation/konversation_0.15-3_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nathaniel W. Turner <[EMAIL PROTECTED]> (supplier of updated konversation package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Fri, 21 Jan 2005 13:31:16 -0500
Source: konversation
Binary: konversation
Architecture: source i386
Version: 0.15-3
Distribution: unstable
Urgency: high
Maintainer: Nathaniel W. Turner <[EMAIL PROTECTED]>
Changed-By: Nathaniel W. Turner <[EMAIL PROTECTED]>
Description:
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
Closes: 291503
Changes:
 konversation (0.15-3) unstable; urgency=high
 .
   * Security update release. Applied patches from Wouter Coekaerts (included
     in upstream 0.15.1) to fix the following issues:
     + CAN-2005-0129: quick buttons recursive % expansion
     + CAN-2005-0130: perl script arbitrary command execution
     + CAN-2005-0131: potential server password leak
     (Closes: #291503)
   * Reverted website changes in 0.15-2; the konversation.org website is back.
Files:
 07cb730ab33644e87c6f55bdcb44a272 703 kde optional konversation_0.15-3.dsc
 52f3b5ccc2223ca4a37e141ea925782f 22857 kde optional konversation_0.15-3.diff.gz
 6670efde8a0d95273cf9eeffe0a65bbd 2536594 kde optional konversation_0.15-3_i386.deb