** Description changed: CVE-2019-12816 addresses a remote code execution and privilege escalation vulnerability. To trigger this, need to have a user already. Details on the exploit are not included here, however Upstream has a fix. Eoan has a fix in proposed (autosync). + + Note that this will require a No Changes Rebuild in Security for znc-backlog to go along with this, otherwise znc-backlog is not installable. + Unit193 uploaded a no change rebuild for znc-backlog in Eoan. Disco is where this conflict will happen.
** Also affects: znc (Ubuntu Eoan) Importance: Undecided Assignee: Thomas Ward (teward) Status: Confirmed ** Also affects: znc (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: znc (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: znc (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: znc (Ubuntu Disco) Importance: Undecided Status: New ** Changed in: znc (Ubuntu Disco) Status: New => Confirmed ** Changed in: znc (Ubuntu Cosmic) Status: New => Confirmed ** Changed in: znc (Ubuntu Bionic) Status: New => Confirmed ** Changed in: znc (Ubuntu Xenial) Status: New => Confirmed ** Changed in: znc (Ubuntu Disco) Assignee: (unassigned) => Thomas Ward (teward) ** Changed in: znc (Ubuntu Cosmic) Assignee: (unassigned) => Thomas Ward (teward) ** Changed in: znc (Ubuntu Eoan) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1833143 Title: CVE-2019-12816 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1833143/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs