Comment 1 Larry the Git Cow 2019-06-16 14:03:34 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f70923983bf75ea5175942f34d9825a2193dc846

commit f70923983bf75ea5175942f34d9825a2193dc846
Author:     Louis Sautier <sbraz@gentoo.org>
AuthorDate: 2019-06-16 14:01:53 +0000
Commit:     Louis Sautier <sbraz@gentoo.org>
CommitDate: 2019-06-16 14:03:24 +0000

    net-irc/znc: bump 1.7.4_rc1, fixes authenticated RCE CVE-2019-12816
    
    Bug: https://bugs.gentoo.org/688152
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Louis Sautier <sbraz@gentoo.org>

 net-irc/znc/Manifest             |   1 +
 net-irc/znc/znc-1.7.4_rc1.ebuild | 182 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 183 insertions(+)

Comment 2 Louis Sautier (sbraz) 2019-06-16 14:27:56 UTC

Arches, can you please stabilize?

Comment 3 Thomas Deutschmann (RETIRED) 2019-06-18 18:26:42 UTC

x86 stable

Comment 4 Mikle Kolyada (RETIRED) 2019-06-20 09:26:35 UTC

amd64 stable

Comment 5 Larry the Git Cow 2019-06-25 22:05:16 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5117fe83797d162c186cd4e04385949eb9a55da8

commit 5117fe83797d162c186cd4e04385949eb9a55da8
Author:     Louis Sautier <sbraz@gentoo.org>
AuthorDate: 2019-06-25 21:42:58 +0000
Commit:     Louis Sautier <sbraz@gentoo.org>
CommitDate: 2019-06-25 21:56:24 +0000

    net-irc/znc: bump to 1.7.4
    
    There are no differences compared to rc1 except for the version change:
    https://github.com/znc/znc/compare/znc-1.7.4-rc1...znc-1.7.4
    
    Bug: https://bugs.gentoo.org/688152
    Package-Manager: Portage-2.3.67, Repoman-2.3.14
    Signed-off-by: Louis Sautier <sbraz@gentoo.org>

 net-irc/znc/Manifest                                   | 2 +-
 net-irc/znc/{znc-1.7.4_rc1.ebuild => znc-1.7.4.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

Comment 6 Louis Sautier (sbraz) 2019-06-25 22:09:25 UTC

I've bumped to the final release which is the same except for the the version number. Now we only need arm to mark 1.7.4 as stable.

Comment 7 Mikle Kolyada (RETIRED) 2019-07-28 20:18:23 UTC

arm stable

Comment 8 Larry the Git Cow 2019-07-28 23:05:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1df133a9e287eccda10b2d280a6aaeb28ea0c0b

commit b1df133a9e287eccda10b2d280a6aaeb28ea0c0b
Author:     Louis Sautier <sbraz@gentoo.org>
AuthorDate: 2019-07-28 23:04:46 +0000
Commit:     Louis Sautier <sbraz@gentoo.org>
CommitDate: 2019-07-28 23:05:19 +0000

    net-irc/znc: remove vulnerable version 1.7.3
    
    Bug: https://bugs.gentoo.org/688152
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Louis Sautier <sbraz@gentoo.org>

 net-irc/znc/Manifest         |   1 -
 net-irc/znc/znc-1.7.3.ebuild | 182 -------------------------------------------
 2 files changed, 183 deletions(-)

Comment 9 GLSAMaker/CVETool Bot 2019-08-15 15:56:56 UTC

This issue was resolved and addressed in
 GLSA 201908-15 at https://security.gentoo.org/glsa/201908-15
by GLSA coordinator Aaron Bauman (b-man).