[Backports-security-announce] Security Update for znc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Patrick Matthäi uploaded new packages for znc which fixed the
following security problems:
CVE-2009-0759, Debian BTS #516950
It was discovered that znc, an IRC proxy/bouncer, does not properly
sanitize input contained in configuration change requests to the
webadmin interface.
This allows authenticated users to elevate their
privileges and indirectly execute arbitrary commands.
For the etch-backports distribution the problem has been fixed in
version 0.058-2~bpo40+2.
For the lenny distribution the problem has been fixed in
version 0.058-2+lenny1.
For the sid distribution the problem has been fixed in
version 0.066-1.
Upgrade instructions
- --------------------
If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install znc" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm3nOQACgkQ2XA5inpabMd0GQCffwy8foQjn2YnbIzyGHKPRMlh
x3sAniGvg7//+uIIKpLlzpfHbC2M40cy
=nMz6
-----END PGP SIGNATURE-----
Reply to: