[Backports-security-announce] Security Update for znc

To: backports-security-announce@lists.backports.org
Subject: [Backports-security-announce] Security Update for znc
From: Patrick Matthäi <patrick@linux-dev.org>
Date: Wed, 11 Mar 2009 12:13:41 +0100
Message-id: <[🔎] 49B79CE5.3030905@linux-dev.org>
Reply-to: backports-users@lists.backports.org, patrick@linux-dev.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrick Matthäi uploaded new packages for znc which fixed the
following security problems:

CVE-2009-0759, Debian BTS #516950

  It was discovered that znc, an IRC proxy/bouncer, does not properly
  sanitize input contained in configuration change requests to the
  webadmin interface.
  This allows authenticated users to elevate their
  privileges and indirectly execute arbitrary commands.


For the etch-backports distribution the problem has been fixed in
version 0.058-2~bpo40+2.

For the lenny distribution the problem has been fixed in
version 0.058-2+lenny1.

For the sid distribution the problem has been fixed in
version 0.066-1.

Upgrade instructions
- --------------------

If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install znc" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new versions
of installed  backports will be installed automatically:

  Package: *
  Pin: release a=etch-backports
  Pin-Priority: 200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm3nOQACgkQ2XA5inpabMd0GQCffwy8foQjn2YnbIzyGHKPRMlh
x3sAniGvg7//+uIIKpLlzpfHbC2M40cy
=nMz6
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [Backports-security-announce] Security Update for mediawiki
Previous by thread: [Backports-security-announce] Security Update for mediawiki
Index(es):
- Date
- Thread