Format: 1.8
Date: Sun, 15 Jul 2018 12:46:27 +0100
Source: znc
Binary: znc znc-dbg znc-dev znc-perl znc-python znc-tcl
Architecture: source amd64
Version: 1.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 znc - advanced modular IRC bouncer
 znc-dbg - advanced modular IRC bouncer (debugging symbols)
 znc-dev - advanced modular IRC bouncer (development headers)
 znc-perl - advanced modular IRC bouncer (Perl extension)
 znc-python - advanced modular IRC bouncer (Python extension)
 znc-tcl - advanced modular IRC bouncer (Tcl extension)
Closes: 903787 903788
Changes:
 znc (1.4-2+deb8u1) jessie-security; urgency=high
 .
   * CVE-2018-14055: Fix an issue where there was insufficient validation of
     lines coming from the network allowing a non-admin user to escalate his
     privilege and inject rogue values into znc.conf. (Closes: #903787)
   * CVE-2018-14056: Prevent a path traversal vulnerability via "../" being
     embedded in a web skin name to access files outside of the allowed
     directory. (Closes: #903788)