CVE-2019-12816
Bug #1833143 reported by
Thomas Ward
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| znc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Xenial |
Confirmed
|
Undecided
|
Unassigned | ||
| Bionic |
Confirmed
|
Undecided
|
Unassigned | ||
| Cosmic |
Confirmed
|
Undecided
|
Thomas Ward | ||
| Disco |
Won't Fix
|
Undecided
|
Thomas Ward | ||
| Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
CVE-2019-12816 addresses a remote code execution and privilege escalation vulnerability. To trigger this, need to have a user already.
Details on the exploit are not included here, however Upstream has a fix.
Eoan has a fix in proposed (autosync).
Note that this will require a No Changes Rebuild in Security for znc-backlog to go along with this, otherwise znc-backlog is not installable.
Unit193 uploaded a no change rebuild for znc-backlog in Eoan. Disco is where this conflict will happen.
| description: | updated |
| Changed in znc (Ubuntu Disco): | |
| status: | New → Confirmed |
| Changed in znc (Ubuntu Cosmic): | |
| status: | New → Confirmed |
| Changed in znc (Ubuntu Bionic): | |
| status: | New → Confirmed |
| Changed in znc (Ubuntu Xenial): | |
| status: | New → Confirmed |
| Changed in znc (Ubuntu Disco): | |
| assignee: | nobody → Thomas Ward (teward) |
| Changed in znc (Ubuntu Cosmic): | |
| assignee: | nobody → Thomas Ward (teward) |
| Changed in znc (Ubuntu Eoan): | |
| status: | Confirmed → Fix Committed |
Revision history for this message
| Mattia Rizzolo (mapreri) wrote | #1 |
| Changed in znc (Ubuntu Eoan): | |
| status: | Fix Committed → Fix Released |
| information type: | Public → Public Security |
| Changed in znc (Ubuntu Eoan): | |
| assignee: | Thomas Ward (teward) → nobody |
| Changed in znc (Ubuntu Disco): | |
| status: | Confirmed → Won't Fix |
To post a comment you must log in.
1.7.2-3 with the fix landed in release.