CVE-2019-9917 - Invalid encoding crash
Bug #1821760 reported by
Thomas Ward
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
znc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
New
|
Undecided
|
Unassigned | ||
Bionic |
New
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
Disco |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Hello.
ZNC is affected by CVE-2019-9917, in which the use of an invalid encoding can cause a crash.
This is fixed upstream in the following code commit:
https:/
This has not yet been released into a stable ZNC version, but the fix is made available in Debian as 1.7.2-2.
CVE References
Changed in znc (Ubuntu Disco): | |
status: | New → Fix Released |
To post a comment you must log in.
This bug was fixed in the package znc - 1.7.1-2ubuntu0.1
---------------
znc (1.7.1-2ubuntu0.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Fix DoS while using an invalid encoding (LP: #1821760) patches/ CVE-2019- 9917.patch: Don't crash if user specified invalid
- debian/
encoding.
- CVE-2019-9917
-- Paulo Flabiano Smorigo <email address hidden> Mon, 08 Apr 2019 10:56:22 -0300