Summary: | <net-irc/znc-0.074 Path traversal bug in core (CVE-2009-2658) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Brayan Arraes (YacK) <brayan> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | Dessa, gentoo, net-irc, tais.hansen |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://thread.gmane.org/gmane.comp.security.oss.general/1924 | ||
Whiteboard: | B1/2? [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Brayan Arraes (YacK)
2009-07-22 12:51:19 UTC
please note that 0.072 had a regression which broke webadmin skins with images 0.072 shouldn't be considered being a stable version but 0.074 should be which got released today Thanks. net-irc: Please bump to 0.074. CVE-2009-2658 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2658): Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. +*znc-0.074 (12 Aug 2009) + + 12 Aug 2009; Alex Legler <a3li@gentoo.org> -znc-0.060.ebuild, + -znc-0.070.ebuild, +znc-0.074.ebuild, metadata.xml: + Non-maintainer commit: Version bump for security bug 278684. Removing + unneded vulnerable versions. Adding local "ares" USE flag for + newly-introduced support for c-ares in 0.074. + Arches, please test and mark stable: =net-irc/znc-0.074 Target keywords : "amd64 x86" x86 stable amd64 stable, all arches done. GLSA request filed. GLSA 200909-17, thanks everyone. |