CVE-2019-9917 - Invalid encoding crash
Bug #1821760 reported by
Thomas Ward
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| znc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Xenial |
New
|
Undecided
|
Unassigned | ||
| Bionic |
New
|
Undecided
|
Unassigned | ||
| Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
| Disco |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Hello.
ZNC is affected by CVE-2019-9917, in which the use of an invalid encoding can cause a crash.
This is fixed upstream in the following code commit:
https:/
This has not yet been released into a stable ZNC version, but the fix is made available in Debian as 1.7.2-2.
CVE References
| Changed in znc (Ubuntu Disco): | |
| status: | New → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in znc (Ubuntu Cosmic): | |
| status: | New → Fix Released |
To post a comment you must log in.
This bug was fixed in the package znc - 1.7.1-2ubuntu0.1
---------------
znc (1.7.1-2ubuntu0.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Fix DoS while using an invalid encoding (LP: #1821760)
- debian/
encoding.
- CVE-2019-9917
-- Paulo Flabiano Smorigo <email address hidden> Mon, 08 Apr 2019 10:56:22 -0300