I'm currently testing this and will add the ebuild to the tree ASAP.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f70923983bf75ea5175942f34d9825a2193dc846 commit f70923983bf75ea5175942f34d9825a2193dc846 Author: Louis Sautier <sbraz@gentoo.org> AuthorDate: 2019-06-16 14:01:53 +0000 Commit: Louis Sautier <sbraz@gentoo.org> CommitDate: 2019-06-16 14:03:24 +0000 net-irc/znc: bump 1.7.4_rc1, fixes authenticated RCE CVE-2019-12816 Bug: https://bugs.gentoo.org/688152 Package-Manager: Portage-2.3.67, Repoman-2.3.14 Signed-off-by: Louis Sautier <sbraz@gentoo.org> net-irc/znc/Manifest | 1 + net-irc/znc/znc-1.7.4_rc1.ebuild | 182 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 183 insertions(+)
Arches, can you please stabilize?
x86 stable
amd64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5117fe83797d162c186cd4e04385949eb9a55da8 commit 5117fe83797d162c186cd4e04385949eb9a55da8 Author: Louis Sautier <sbraz@gentoo.org> AuthorDate: 2019-06-25 21:42:58 +0000 Commit: Louis Sautier <sbraz@gentoo.org> CommitDate: 2019-06-25 21:56:24 +0000 net-irc/znc: bump to 1.7.4 There are no differences compared to rc1 except for the version change: https://github.com/znc/znc/compare/znc-1.7.4-rc1...znc-1.7.4 Bug: https://bugs.gentoo.org/688152 Package-Manager: Portage-2.3.67, Repoman-2.3.14 Signed-off-by: Louis Sautier <sbraz@gentoo.org> net-irc/znc/Manifest | 2 +- net-irc/znc/{znc-1.7.4_rc1.ebuild => znc-1.7.4.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
I've bumped to the final release which is the same except for the the version number. Now we only need arm to mark 1.7.4 as stable.
arm stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1df133a9e287eccda10b2d280a6aaeb28ea0c0b commit b1df133a9e287eccda10b2d280a6aaeb28ea0c0b Author: Louis Sautier <sbraz@gentoo.org> AuthorDate: 2019-07-28 23:04:46 +0000 Commit: Louis Sautier <sbraz@gentoo.org> CommitDate: 2019-07-28 23:05:19 +0000 net-irc/znc: remove vulnerable version 1.7.3 Bug: https://bugs.gentoo.org/688152 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Louis Sautier <sbraz@gentoo.org> net-irc/znc/Manifest | 1 - net-irc/znc/znc-1.7.3.ebuild | 182 ------------------------------------------- 2 files changed, 183 deletions(-)
This issue was resolved and addressed in GLSA 201908-15 at https://security.gentoo.org/glsa/201908-15 by GLSA coordinator Aaron Bauman (b-man).