This bug was fixed in the package znc - 1.2-3ubuntu0.1
---
znc (1.2-3ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network
This bug was fixed in the package znc - 1.6.6-1ubuntu0.1
---
znc (1.6.6-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network
This bug was fixed in the package znc - 1.6.3-1ubuntu0.1
---
znc (1.6.3-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network
@teward - I am planning to push this out within the next 24h - please
let me know if you have any concerns.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc
Apologies - I was on a roll and figured I might as well do it too. I'm
hoping to push the update out early next week but will wait for your
feedback first.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
well I WAS going to provide my Bionic debdiff, but you beat me to it.
I'm not in a position just now to do testing, as I've got a very busy
couple of days, I'll add it to the list of things I have to test though.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
Have uploaded both to security-proposed - @teward any testing you could
give would be appreciated.
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
debdiff against bionic
** Patch added: "debdiff against bionic"
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1781925/+attachment/5167943/+files/znc-bionic.debdiff
** Changed in: znc (Ubuntu Bionic)
Assignee: Thomas Ward (teward) => Alex Murray (alexmurray)
--
You received this
debdiff against xenial znc - will upload this to security-proposed ppa
soon
** Changed in: znc (Ubuntu Xenial)
Assignee: Thomas Ward (teward) => Alex Murray (alexmurray)
** Patch added: "debdiff against xenial znc"
Bionic, not Artful, in my last message, force of habit sorry.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056
To manage
Alex,
I've got a Xenial patchset that I'm working on already, but if you want
to take a shot at making a valid patchset for it, be my guest.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
I've got a locally building patchset for Artful currently, though, so
I'll still hold onto the Artful one.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc
If you haven't gotten far with Xenial, I can have a look at that (since
am running znc myself on a Xenial instance...)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14055
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14056
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Had some issues getting the patches to cleanly apply in Trusty, so I'm
letting that one be handled by the Community. I have some patchsets
from Debian that can probably be applied for this issue in Xenial, and
will be looking into that in the next couple of days.
** Changed in: znc (Ubuntu
Autosync from Debian Unstable pulled in the fix for this. 1.7.1-1
** Changed in: znc (Ubuntu Cosmic)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Artful reaches End of Life on July 19th. Due to this being in two days,
and under the advisement of the Security Team, a patch will not be
available by the EOL date. Marking "Won't Fix" for Artful only.
** Changed in: znc (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: znc
** Also affects: znc (Ubuntu Trusty)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc package CVE-2018-14055
** Also affects: znc (Ubuntu Artful)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc package CVE-2018-14055
** Also affects: znc (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: znc (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Also affects: znc (Ubuntu Cosmic)
Importance: Medium
Assignee: Thomas Ward (teward)
Status: In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
** Changed in: znc (Ubuntu)
Status: Confirmed => In Progress
** Changed in: znc (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Actually working on a patch set for my own ZNC deployment, guess I'll
prep the patches for Ubuntu while I am at it.
** Changed in: znc (Ubuntu)
Assignee: (unassigned) => Thomas Ward (teward)
** Changed in: znc (Ubuntu)
Status: New => Confirmed
--
You received this bug notification
** Tags added: community-security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056
To manage notifications about this bug
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056
To
25 matches
Mail list logo