* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network configuration change directives. Based on upstream patch.
- debian/patches/CVE-2018-14055-2.patch: Remove extra newlines when
writing out configuration file. Based on upstream patch.
- CVE-2018-14055
* SECURITY UPDATE: Path traversal flaw allows access to files outside of
skins (LP: #1781925)
- debian/patches/CVE-2018-14056.patch: Replace path traversal components
in skin names to ensure path traversal is not possible. Based on
upstream patch.
- CVE-2018-14056
This bug was fixed in the package znc - 1.6.6-1ubuntu0.1
---------------
znc (1.6.6-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925) patches/ CVE-2018- 14055-1. patch: Remove newlines from incoming patches/ CVE-2018- 14055-2. patch: Remove extra newlines when patches/ CVE-2018- 14056.patch: Replace path traversal components
- debian/
network configuration change directives. Based on upstream patch.
- debian/
writing out configuration file. Based on upstream patch.
- CVE-2018-14055
* SECURITY UPDATE: Path traversal flaw allows access to files outside of
skins (LP: #1781925)
- debian/
in skin names to ensure path traversal is not possible. Based on
upstream patch.
- CVE-2018-14056
-- Alex Murray <email address hidden> Thu, 26 Jul 2018 15:28:39 +0930