Comment 0 for bug 1090195

I plan on trying to patch these over the next few weeks or so, hence the "bug report".

Based on information found in http://people.canonical.com/~ubuntu-security/cve/pkg/znc.html, the following CVEs are unfixed in the version of ZNC on Lucid (and indirectly, on Hardy, although Hardy's codebase is old enough for any patches to not apply correctly):

CVE-2010-2448:
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a
denial of service (crash) by requesting traffic statistics when there is an
active unauthenticated connection, which triggers a NULL pointer
dereference, as demonstrated using (1) a traffic link in the web
administration pages or (2) the traffic command in the /znc shell.

CVE-2010-2488:
denial of service bug - refer to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929 for additional details.

CVE-2010-2812:
Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of
service (exception and daemon crash) via a PING command that lacks an
argument.

CVE-2010-2934:
Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to
cause a denial of service (exception and daemon crash) via unknown vectors
related to "unsafe substr() calls."

Currently supported Releases at the time of this bug report, and whether they are affected:
Hardy: Affected
Lucid: Affected (0.078-1 in release/universe)
Oneiric: Not Affected (0.098-2ubuntu1)
Precise: Not Affected (0.206-1)
Quantal: Not Affected (0.206-2)
Raring: Not Affected (1.0-1 in release/universe, 1.0-2 in proposed)