http://www.securityfocus.com/bid/40746 http://freshmeat.net/articles/debian-new-kvirc-packages-fix-several-vulnerabilities "For the unstable distribution (sid), these problems have been fixed in version 4.0.0~svn4340+rc3-1." This would imply that *at least* our stable kvirc-4 is vulnerable.
Security vulnerability was fixed in r4317. r4227 introduced build failure with USE="dcc_video -kde", which was fixed in r4616.
Stabilize net-irc/kvirc-4.1_pre4624.
x86 stable
amd64 done
CVE-2010-2451 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2451): Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors. CVE-2010-2452 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2452): Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.
GLSA request filed.
This issue was resolved and addressed in GLSA 201402-20 at http://security.gentoo.org/glsa/glsa-201402-20.xml by GLSA coordinator Chris Reffett (creffett).