Source: znc Version: 1.8.0-1 Severity: important Tags: security upstream Hi,
The following vulnerability was published for znc. CVE-2020-13775[0]: | ZNC before 1.8.1-rc1 allows attackers to trigger an application crash | (with a NULL pointer dereference) if echo-message is not enabled and | there is no network. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-13775 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13775 [1] https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 Please adjust the affected versions in the BTS as needed, if my understandig of the isuse is correctly then this was only introduced in 1.8.0 while fixing another bug related to echo-messages, please double check though. Regards, Salvatore
