group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1821760] Re: CVE-2019-9917 - Invalid encoding crash

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1821760@xxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Apr 2019 14:45:48 -0000
Reply-to: Bug 1821760 <1821760@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package znc - 1.7.1-2ubuntu0.1

---------------
znc (1.7.1-2ubuntu0.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: Fix DoS while using an invalid encoding (LP: #1821760)
    - debian/patches/CVE-2019-9917.patch: Don't crash if user specified invalid
      encoding.
    - CVE-2019-9917

 -- Paulo Flabiano Smorigo <pfsmorigo@xxxxxxxxxxxxx>  Mon, 08 Apr 2019
10:56:22 -0300

** Changed in: znc (Ubuntu Cosmic)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9917

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1821760

Title:
  CVE-2019-9917 - Invalid encoding crash

Status in znc package in Ubuntu:
  Fix Released
Status in znc source package in Xenial:
  New
Status in znc source package in Bionic:
  New
Status in znc source package in Cosmic:
  Fix Released
Status in znc source package in Disco:
  Fix Released

Bug description:
  Hello.

  ZNC is affected by CVE-2019-9917, in which the use of an invalid
  encoding can cause a crash.

  This is fixed upstream in the following code commit:
  https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973

  This has not yet been released into a stable ZNC version, but the fix
  is made available in Debian as 1.7.2-2.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1821760/+subscriptions