CVE-2019-12816
Bug #1833143 reported by
Thomas Ward
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
znc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Confirmed
|
Undecided
|
Unassigned | ||
Bionic |
Confirmed
|
Undecided
|
Unassigned | ||
Cosmic |
Confirmed
|
Undecided
|
Thomas Ward | ||
Disco |
Won't Fix
|
Undecided
|
Thomas Ward | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
CVE-2019-12816 addresses a remote code execution and privilege escalation vulnerability. To trigger this, need to have a user already.
Details on the exploit are not included here, however Upstream has a fix.
Eoan has a fix in proposed (autosync).
Note that this will require a No Changes Rebuild in Security for znc-backlog to go along with this, otherwise znc-backlog is not installable.
Unit193 uploaded a no change rebuild for znc-backlog in Eoan. Disco is where this conflict will happen.
description: | updated |
Changed in znc (Ubuntu Disco): | |
status: | New → Confirmed |
Changed in znc (Ubuntu Cosmic): | |
status: | New → Confirmed |
Changed in znc (Ubuntu Bionic): | |
status: | New → Confirmed |
Changed in znc (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in znc (Ubuntu Disco): | |
assignee: | nobody → Thomas Ward (teward) |
Changed in znc (Ubuntu Cosmic): | |
assignee: | nobody → Thomas Ward (teward) |
Changed in znc (Ubuntu Eoan): | |
status: | Confirmed → Fix Committed |
information type: | Public → Public Security |
Changed in znc (Ubuntu Eoan): | |
assignee: | Thomas Ward (teward) → nobody |
Changed in znc (Ubuntu Disco): | |
status: | Confirmed → Won't Fix |
To post a comment you must log in.
1.7.2-3 with the fix landed in release.