
Bug#405828: marked as done (CVE-2006-6811: Buffer overflow in KsIRC)



Your message dated Wed, 10 Jan 2007 13:32:08 +0000
with message-id <E1H4dYm-0001Kk-7u@ries.debian.org>
and subject line Bug#405828: fixed in kdenetwork 4:3.5.5-4
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: ksirc
Version: 4:3.5.5-3
Severity: grave
Tags: security
Justification: user security hole



A vulnerability has been reported in ksirc 1.3.12 which is Debian's 4:3.5.5-*:

Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute
arbitrary code via a long PRIVMSG string when connecting to an
Internet Relay Chat (IRC) server.

See

http://www.milw0rm.com/exploits/3023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6811


--- End Message ---
--- Begin Message ---
Source: kdenetwork
Source-Version: 4:3.5.5-4

We believe that the bug you reported is fixed in the latest version of
kdenetwork, which is due to be installed in the Debian FTP archive:

dcoprss_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/dcoprss_3.5.5-4_i386.deb
kdenetwork-dbg_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kdenetwork-dbg_3.5.5-4_i386.deb
kdenetwork-dev_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kdenetwork-dev_3.5.5-4_i386.deb
kdenetwork-doc-html_3.5.5-4_all.deb
  to pool/main/k/kdenetwork/kdenetwork-doc-html_3.5.5-4_all.deb
kdenetwork-filesharing_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kdenetwork-filesharing_3.5.5-4_i386.deb
kdenetwork-kfile-plugins_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kdenetwork-kfile-plugins_3.5.5-4_i386.deb
kdenetwork_3.5.5-4.diff.gz
  to pool/main/k/kdenetwork/kdenetwork_3.5.5-4.diff.gz
kdenetwork_3.5.5-4.dsc
  to pool/main/k/kdenetwork/kdenetwork_3.5.5-4.dsc
kdenetwork_3.5.5-4_all.deb
  to pool/main/k/kdenetwork/kdenetwork_3.5.5-4_all.deb
kdict_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kdict_3.5.5-4_i386.deb
kdnssd_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kdnssd_3.5.5-4_i386.deb
kget_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kget_3.5.5-4_i386.deb
knewsticker_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/knewsticker_3.5.5-4_i386.deb
kopete_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kopete_3.5.5-4_i386.deb
kpf_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kpf_3.5.5-4_i386.deb
kppp_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kppp_3.5.5-4_i386.deb
krdc_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/krdc_3.5.5-4_i386.deb
krfb_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/krfb_3.5.5-4_i386.deb
ksirc_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/ksirc_3.5.5-4_i386.deb
ktalkd_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/ktalkd_3.5.5-4_i386.deb
kwifimanager_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/kwifimanager_3.5.5-4_i386.deb
librss1_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/librss1_3.5.5-4_i386.deb
lisa_3.5.5-4_i386.deb
  to pool/main/k/kdenetwork/lisa_3.5.5-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 405828@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> (supplier of updated kdenetwork package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  9 Jan 2007 07:26:45 +0100
Source: kdenetwork
Binary: knewsticker kwifimanager dcoprss ksirc kdenetwork-filesharing kppp kpf kdenetwork-dbg kdnssd librss1 kdenetwork-doc-html kdenetwork kopete kget kdenetwork-kfile-plugins krfb krdc kdenetwork-dev kdict ktalkd lisa
Architecture: source i386 all
Version: 4:3.5.5-4
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Description: 
 dcoprss    - RSS utilities for KDE
 kdenetwork - network-related apps from the official KDE release
 kdenetwork-dbg - debugging symbols for kdenetwork
 kdenetwork-dev - development files for the KDE network module
 kdenetwork-doc-html - KDE network documentation in HTML format
 kdenetwork-filesharing - network filesharing configuration module for KDE
 kdenetwork-kfile-plugins - torrent metainfo plugin for KDE
 kdict      - dictionary client for KDE
 kdnssd     - Zeroconf support for KDE
 kget       - download manager for KDE
 knewsticker - news ticker applet for KDE
 kopete     - instant messenger for KDE
 kpf        - public fileserver for KDE
 kppp       - modem dialer and ppp frontend for KDE
 krdc       - Remote Desktop Connection for KDE
 krfb       - Desktop Sharing for KDE
 ksirc      - IRC client for KDE
 ktalkd     - talk daemon for KDE
 kwifimanager - wireless lan manager for KDE
 librss1    - RSS library for KDE
 lisa       - LAN information server for KDE
Closes: 405828
Changes: 
 kdenetwork (4:3.5.5-4) unstable; urgency=high
 .
   +++ Changes by Ana Beatriz Guerrero Lopez:
 .
   * Update Uploaders.
   * Add patch 20_ksirc_405828.diff to fix buffer overflow that allows remote
     attackers to execute arbitrary code via a long PRIVMSG string when
     connecting to an IRC server. CVE-2006-6811. (Closes: #405828)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero

iD8DBQFFpOHYn3j4POjENGERAhkNAJ9KHhgXkUeW1aD+3qizQfgLKPtB4ACfegcm
LGqn7WGpW1m+6DRpcp3HlEo=
=C/xk
-----END PGP SIGNATURE-----


--- End Message ---
