Debian Konversation vulnerabilities
7 known vulnerabilities affecting debian/konversation.
Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2, LOW 2
Vulnerabilities
CVE-2017-15923 | HIGH | CVSS 7.5 | fixed in konversation 1.7.3-1 (bookworm) | 2017
CVE-2017-15923 [HIGH] CVE-2017-15923: konversation - Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers ...
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
Scope: local
bookworm: resolved (fixed in 1.7.3-1)
bullseye: resolved (fixed in 1.7.3-1)
forky: resolved (fixed in 1.7.3-1)
sid: resolved (fixed in 1.7.3-1)
trixie: resolved (fixed in
CVE-2014-8483 | MEDIUM | CVSS 5.0 | fixed in konversation 1.5-2 (bookworm) | 2014
CVE-2014-8483 [MEDIUM] CVE-2014-8483: konversation - The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote ...
The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
Scope: local
bookworm: resolved (fixed in 1.5-2)
bullseye: resolved (fixed in 1.5-2)
forky: resolved (fixed in 1.5-2)
sid: resolved (fixed in 1.5-2)
trixie: resolved (fixed in 1.5-2)
CVE-2009-5050 | LOW | CVSS 7.5 | fixed in konversation 1.2.3-1 (bookworm) | 2009
CVE-2009-5050 [HIGH] CVE-2009-5050: konversation - konversation before 1.2.3 allows attackers to cause a denial of service.
konversation before 1.2.3 allows attackers to cause a denial of service.
Scope: local
bookworm: resolved (fixed in 1.2.3-1)
bullseye: resolved (fixed in 1.2.3-1)
forky: resolved (fixed in 1.2.3-1)
sid: resolved (fixed in 1.2.3-1)
trixie: resolved (fixed in 1.2.3-1)
CVE-2007-4400 | LOW | CVSS 6.8 | fixed in konversation 1.0.1-4 (bookworm) | 2007
CVE-2007-4400 [MEDIUM] CVE-2007-4400: konversation - CRLF injection vulnerability in the included media script in Konversation allows...
CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Scope: local
bookworm: resolved (fixed in 1.0.1-4)
bullseye: resolved (fixed in 1.0.1-4)
forky: resolved (fixed in 1.0.1-4)
sid: resolved (fixed in 1.0.1-4)
t
CVE-2005-0129 | HIGH | CVSS 7.5 | PoC | fixed in konversation 0.15-3 (bookworm) | 2005
CVE-2005-0129 [HIGH] CVE-2005-0129: konversation - The Quick Buttons feature in Konversation 0.15 allows remote attackers to execut...
The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.
Scope: local
bookworm: resolved (fixed in 0.15-3)
bullseye: resolved (fixed in 0.15-3)
forky: resolved (fixed in
CVE-2005-0130 | HIGH | CVSS 7.5 | fixed in konversation 0.15-3 (bookworm) | 2005
CVE-2005-0130 [HIGH] CVE-2005-0130: konversation - Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbi...
Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.
Scope: local
bookworm: resolved (fixed in 0.15-3)
bullseye: resolved (fixed in 0.15-3)
forky: resolved (fixed in 0.15-3)
sid: resolved (fixed in
CVE-2005-0131 | MEDIUM | CVSS 5.0 | fixed in konversation 0.15-3 (bookworm) | 2005
CVE-2005-0131 [MEDIUM] CVE-2005-0131: konversation - The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-pro...
The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.
Scope: local
bookworm: resolved (fixed in 0.15-3)
bullseye: resolved (fixed in 0.15-3)
forky: resolved (fixed in 0.15-3)
sid: resolve