group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1833143] Re: CVE-2019-12816

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Mattia Rizzolo <mattia@xxxxxxxxxxx>
Date: Tue, 18 Jun 2019 07:47:12 -0000
Reply-to: Bug 1833143 <1833143@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

1.7.2-3 with the fix landed in release.

** Changed in: znc (Ubuntu Eoan)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1833143

Title:
  CVE-2019-12816

Status in znc package in Ubuntu:
  Fix Released
Status in znc source package in Xenial:
  Confirmed
Status in znc source package in Bionic:
  Confirmed
Status in znc source package in Cosmic:
  Confirmed
Status in znc source package in Disco:
  Confirmed
Status in znc source package in Eoan:
  Fix Released

Bug description:
  CVE-2019-12816 addresses a remote code execution and privilege
  escalation vulnerability.  To trigger this, need to have a user
  already.

  Details on the exploit are not included here, however Upstream has a
  fix.

  Eoan has a fix in proposed (autosync).

  Note that this will require a No Changes Rebuild in Security for znc-backlog to go along with this, otherwise znc-backlog is not installable. 
   Unit193 uploaded a no change rebuild for znc-backlog in Eoan.  Disco is where this conflict will happen.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1833143/+subscriptions