Your message dated Fri, 21 Jan 2005 16:47:04 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291503: fixed in konversation 0.15-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Fri, 21 Jan 2005 08:09:03 +0100
From: Martin Schulze <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2005-0129/130/131: Multiple vulnerabilities in Konversation
Message-ID: <[EMAIL PROTECTED]>

Package: konversation
Version: 0.15-2
Severity: grave
Tags: security sarge sid

These problems have been discovered by Wouter Coekaerts in the konversation
IRC client.  Affected are version 0.15, CVS until 18-19/01/2005, and
some older versions too. They are fixed in 0.15.1.

When you fix these problems, please mention the corresponding CVE id in
the changelog.

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0129

Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Buttons feature in Konversation 0.15 allows remote attackers
to execute certain IRC commands via a channel name containing "%"
variables, which are recursively expanded by the
Server::parseWildcards function when the Part Button is selected.


URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0130

Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

Certain Perl scripts in Konversation 0.15 allow remote attackers to
execute arbitrary commands via shell metacharacters in (1) channel
names or (2) song names that are not properly quoted when the user
runs IRC scripts.


URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0131

Reference: FULLDISC:20050119 Multiple vulnerabilities in Konversation
Reference: URL:http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html

The Quick Connection dialog in Konversation 0.15 inadvertently uses
the user-provided password as the nickname instead of the
user-provided nickname when connecting to the IRC server, which could
leak the password to other users.


Regards,

        Joey

-- 
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.
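
The recursive "%" expansion described under CAN-2005-0129 in the report above, as an added example that is not Konversation's code and not part of the original message: a rescanning expander beside a single-pass one. The placeholder letters, function names and sample values are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <string>

// Hypothetical placeholder table, e.g. %c = channel name, %u = own nick.
using Vars = std::map<char, std::string>;

// One left-to-right pass. Substituted values are appended to the output
// and never scanned again, so a "%" inside a value stays literal.
std::string expandOnce(const std::string& tmpl, const Vars& vars,
                       bool* changed = nullptr) {
    std::string out;
    for (std::size_t i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] == '%' && i + 1 < tmpl.size()) {
            auto it = vars.find(tmpl[i + 1]);
            if (it != vars.end()) {
                out += it->second;
                ++i;  // skip the placeholder letter
                if (changed) *changed = true;
                continue;
            }
        }
        out += tmpl[i];
    }
    return out;
}

// Flawed pattern: rescan the result until nothing changes, which also
// expands placeholders that arrived inside a substituted value.
std::string expandRecursive(std::string text, const Vars& vars) {
    for (int pass = 0; pass < 8; ++pass) {  // bounded so a cycle terminates
        bool changed = false;
        text = expandOnce(text, vars, &changed);
        if (!changed) break;
    }
    return text;
}

int main() {
    // Constructed sample: the channel name is chosen by a remote party.
    Vars vars{{'c', "#room%u"}, {'u', "alice"}};
    std::cout << expandRecursive("PART %c", vars) << "\n";  // value rescanned
    std::cout << expandOnce("PART %c", vars) << "\n";       // value kept literal
    return 0;
}
```
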

---------------------------------------
From: [EMAIL PROTECTED] (Nathaniel W. Turner)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#291503: fixed in konversation 0.15-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 21 Jan 2005 16:47:04 -0500

Source: konversation
Source-Version: 0.15-3

We believe that the bug you reported is fixed in the latest version of
konversation, which is due to be installed in the Debian FTP archive:

konversation_0.15-3.diff.gz
  to pool/main/k/konversation/konversation_0.15-3.diff.gz
konversation_0.15-3.dsc
  to pool/main/k/konversation/konversation_0.15-3.dsc
konversation_0.15-3_i386.deb
  to pool/main/k/konversation/konversation_0.15-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nathaniel W. Turner <[EMAIL PROTECTED]> (supplier of updated konversation package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 21 Jan 2005 13:31:16 -0500
Source: konversation
Binary: konversation
Architecture: source i386
Version: 0.15-3
Distribution: unstable
Urgency: high
Maintainer: Nathaniel W. Turner <[EMAIL PROTECTED]>
Changed-By: Nathaniel W. Turner <[EMAIL PROTECTED]>
Description: 
 konversation - user friendly Internet Relay Chat (IRC) client for KDE
Closes: 291503
Changes: 
 konversation (0.15-3) unstable; urgency=high
 .
   * Security update release.  Applied patches from Wouter Coekaerts (included
     in upstream 0.15.1) to fix the following issues:
     + CAN-2005-0129: quick buttons recursive % expansion
     + CAN-2005-0130: perl script arbitrary command execution
     + CAN-2005-0131: potential server password leak
     (Closes: #291503)
   * Reverted website changes in 0.15-2; the konversation.org website is back.
Files: 
 07cb730ab33644e87c6f55bdcb44a272 703 kde optional konversation_0.15-3.dsc
 52f3b5ccc2223ca4a37e141ea925782f 22857 kde optional konversation_0.15-3.diff.gz
 6670efde8a0d95273cf9eeffe0a65bbd 2536594 kde optional konversation_0.15-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB8XO22tp5zXiKP0wRAoWOAJwOPuwPEqSwheASn8I19AUfAkc7hQCgnzey
/1JsBeLJFWqyARv0oNBbeBI=
=o6zX
-----END PGP SIGNATURE-----
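
The quoting problem behind CAN-2005-0130 (listed in the changelog above), as an added example that is not taken from the Konversation scripts or from the messages in this thread: an untrusted string placed into a shell command line with and without POSIX single-quote escaping. It is written in C++ rather than the Perl of the affected scripts, and the function names and the sample song title are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <iostream>
#include <string>

// Quote one argument for a POSIX shell: wrap it in single quotes and
// rewrite each embedded ' as '\'' (close quote, escaped quote, reopen).
std::string shellQuote(const std::string& arg) {
    std::string out = "'";
    for (char ch : arg) {
        if (ch == '\'') out += "'\\''";
        else out += ch;
    }
    return out + "'";
}

// Run a command line through /bin/sh via popen() and return its stdout.
std::string runShell(const std::string& cmdline) {
    std::string result;
    FILE* pipe = popen(cmdline.c_str(), "r");
    if (!pipe) return result;
    char buf[256];
    std::size_t n;
    while ((n = fread(buf, 1, sizeof buf, pipe)) > 0) result.append(buf, n);
    pclose(pipe);
    return result;
}

// Hypothetical script step: announce the current song title.
std::string announceUnquoted(const std::string& title) {
    return runShell("printf '%s\\n' " + title);  // title parsed as shell syntax
}
std::string announceQuoted(const std::string& title) {
    return runShell("printf '%s\\n' " + shellQuote(title));  // title is one word
}

int main() {
    const std::string title = "Song; echo INJECTED";  // constructed sample
    std::cout << announceUnquoted(title);  // two lines: the ';' split the command
    std::cout << announceQuoted(title);    // one line: the title, unchanged
    return 0;
}
```

Passing the arguments as a list to an exec-style call, so that no shell parses them at all, removes the need for quoting altogether.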

