[ubuntu/trusty-security] znc 1.2-3ubuntu0.1 (Accepted)
Alex Murray
alex.murray at canonical.com
Wed Aug 8 02:32:57 UTC 2018
znc (1.2-3ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network configuration change directives. Based on upstream patch.
- debian/patches/CVE-2018-14055-2.patch: Remove extra newlines when
writing out configuration file. Based on upstream patch.
- CVE-2018-14055
* SECURITY UPDATE: Path traversal flaw allows access to files outside of
skins (LP: #1781925)
- debian/patches/CVE-2018-14056.patch: Replace path traversal components
in skin names to ensure path traversal is not possible. Based on
upstream patch.
- CVE-2018-14056
* SECURITY UPDATE: Denial of service (crash) from remote authenticated users
- debian/patches/CVE-2014-9403.patch: Check whether channel exists
when dealing with user specified channel name. Based on upstream
patch.
- CVE-2014-9403
Date: 2018-08-08 01:50:21.200281+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/znc/1.2-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list