Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Jun 2010 06:21:15 GMT
From:      Axel Gonzalez <loox@e-shell.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/148203: irc/kvirc-* vulnerabilities
Message-ID:  <201006280621.o5S6LFfn094752@www.freebsd.org>
Resent-Message-ID: <201006280630.o5S6U5gI015349@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         148203
>Category:       ports
>Synopsis:       irc/kvirc-* vulnerabilities
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 28 06:30:05 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Axel Gonzalez
>Release:        FreeBSD 8.1-RC
>Organization:
>Environment:
FreeBSD moonglow 8.1-RC1 FreeBSD 8.1-RC1 #0: Sat Jun 19 10:32:46 CDT 2010     toor@moonglow:/tmp/obj/usr/src/sys/LX  i386

>Description:

Security advisor: CVE-2010-2451 CVE-2010-2452

This problems have been fixed in latest version (4.0.0) and svn of 3.4

The bugs allow remote exploits, so they are serious.

>How-To-Repeat:
install from ports
>Fix:
Upgrade to kvirc-4.0.0
Backport the patches to 3.4.2, use latest from svn, or mark it as broken

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201006280621.o5S6LFfn094752>