From ${URL} :

Description
Multiple vulnerabilities have been reported in ZNC, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerabilities are caused due to errors when handling the "editnetwork", "editchan", "addchan", and "delchan" page requests and can be exploited to cause a NULL pointer dereference. The vulnerabilities are reported in version 1.0.

Solution
Fixed in the git repository.

Provided and/or discovered by
The vendor credits Simone "ChauffeR" Esposito.

Original Advisory
ZNC: https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
The issue is fixed in =net-irc/znc-1.0-r2 which is ready for stabilization.
amd64: pass
amd64: ok (builds, runs)
x86 stable
amd64 stable
GLSA vote: yes
GLSA Vote: Yes. Created a new GLSA request.
CVE-2013-2130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2130): ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.
This issue was resolved and addressed in GLSA 201412-31 at http://security.gentoo.org/glsa/glsa-201412-31.xml by GLSA coordinator Sean Amoss (ackle).