-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 01 Aug 2009 20:23:03 +0200 Source: znc Binary: znc Architecture: source amd64 Version: 0.045-3+etch3 Distribution: oldstable-security Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Patrick Matthäi <pmatthaei@debian.org> Description: znc - an advanced IRC bouncer Closes: 537977 Changes: znc (0.045-3+etch3) oldstable-security; urgency=high . * Fixes an high-impact directory traversal bug, where unprivileged users can save about DCC SEND files on the server with the rights of the znc process. The attacker could also use the exploit to get a shell on the server. Closes: #537977 * Change my email address, the old one is not reachable anymore. Files: 933a585b14d230df9dd1a8b6ee5ad4b6 667 net optional znc_0.045-3+etch3.dsc 330d9e4ac7894dbfec53bf9cf1e52660 14501 net optional znc_0.045-3+etch3.diff.gz ed5f4fe35ce0a2550aa16a423e100065 794176 net optional znc_0.045-3+etch3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkp0ib0ACgkQ2XA5inpabMcEYwCdGO/6u7RfNaKGMWLSVKNF+ve1 riwAn3JZUa3SfP6J5yeE49PB26QoG0v1 =iWb1 -----END PGP SIGNATURE----- Accepted: znc_0.045-3+etch3.diff.gz to pool/main/z/znc/znc_0.045-3+etch3.diff.gz znc_0.045-3+etch3.dsc to pool/main/z/znc/znc_0.045-3+etch3.dsc znc_0.045-3+etch3_amd64.deb to pool/main/z/znc/znc_0.045-3+etch3_amd64.deb
