group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1833143] Re: CVE-2019-12816

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Steve Langasek <1833143@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Jul 2020 20:00:36 -0000
Reply-to: Bug 1833143 <1833143@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: znc (Ubuntu Disco)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1833143

Title:
  CVE-2019-12816

Status in znc package in Ubuntu:
  Fix Released
Status in znc source package in Xenial:
  Confirmed
Status in znc source package in Bionic:
  Confirmed
Status in znc source package in Cosmic:
  Confirmed
Status in znc source package in Disco:
  Won't Fix
Status in znc source package in Eoan:
  Fix Released

Bug description:
  CVE-2019-12816 addresses a remote code execution and privilege
  escalation vulnerability.  To trigger this, need to have a user
  already.

  Details on the exploit are not included here, however Upstream has a
  fix.

  Eoan has a fix in proposed (autosync).

  Note that this will require a No Changes Rebuild in Security for znc-backlog to go along with this, otherwise znc-backlog is not installable. 
   Unit193 uploaded a no change rebuild for znc-backlog in Eoan.  Disco is where this conflict will happen.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1833143/+subscriptions