diff -Nru znc-1.6.3/debian/changelog znc-1.6.3/debian/changelog
--- znc-1.6.3/debian/changelog 2018-07-26 05:14:13.000000000 +0000
+++ znc-1.6.3/debian/changelog 2019-06-26 13:48:57.000000000 +0000
@@ -1,3 +1,14 @@
+znc (1.6.3-1ubuntu0.2) xenial-security; urgency=medium
+
+ * SECURITY UPDATE: Fix vulnerability that allows remote authenticated
+ non-admin users to escalate privileges and execute arbitrary code by
+ loading a module with a crafted name.
+ - debian/patches/CVE-2019-12816.patch: Fix remote code execution and
+ privilege escalation.
+ - CVE-2019-12816
+
+ -- Paulo Flabiano Smorigo Wed, 26 Jun 2019 10:48:57 -0300
+
 znc (1.6.3-1ubuntu0.1) xenial-security; urgency=medium
 
 * SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
diff -Nru znc-1.6.3/debian/patches/CVE-2019-12816.patch znc-1.6.3/debian/patches/CVE-2019-12816.patch
--- znc-1.6.3/debian/patches/CVE-2019-12816.patch 1970-01-01 00:00:00.000000000 +0000
+++ znc-1.6.3/debian/patches/CVE-2019-12816.patch 2019-06-26 14:47:29.000000000 +0000
@@ -0,0 +1,90 @@
+From 8de9e376ce531fe7f3c8b0aa4876d15b479b7311 Mon Sep 17 00:00:00 2001
+From: Alexey Sokolov
+Date: Wed, 12 Jun 2019 08:57:29 +0100
+Subject: [PATCH] Fix remote code execution and privilege escalation
+ vulnerability.
+
+To trigger this, need to have a user already.
+
+Thanks for Jeriko One for finding and reporting this.
+
+CVE-2019-12816
+---
+ include/znc/Modules.h | 1 +
+ src/Modules.cpp | 38 +++++++++++++++++++++++++++++---------
+ 2 files changed, 30 insertions(+), 9 deletions(-)
+
+--- znc-1.6.3.orig/include/znc/Modules.h
++++ znc-1.6.3/include/znc/Modules.h
+@@ -1253,6 +1253,7 @@ public:
+ private:
+ static ModHandle OpenModule(const CString& sModule, const CString& sModPath,
+ bool &bVersionMismatch, CModInfo& Info, CString& sRetMsg);
++ static bool ValidateModuleName(const CString& sModule, CString& sRetMsg);
+
+ protected:
+ CUser* m_pUser;
+--- znc-1.6.3.orig/src/Modules.cpp
++++ znc-1.6.3/src/Modules.cpp
+@@ -1014,9 +1014,26 @@ CModule* CModules::FindModule(const CStr
+ return NULL;
+ }
+
++bool CModules::ValidateModuleName(const CString& sModule, CString& sRetMsg) {
++ for (unsigned int a = 0; a < sModule.length(); a++) {
++ if (((sModule[a] < '0') || (sModule[a] > '9')) &&
++ ((sModule[a] < 'a') || (sModule[a] > 'z')) &&
++ ((sModule[a] < 'A') || (sModule[a] > 'Z')) && (sModule[a] != '_')) {
++ sRetMsg = "Module names can only contain letters, numbers and underscores, [" + sModule + "] is invalid.";
++ return false;
++ }
++ }
++
++ return true;
++}
++
+ bool CModules::LoadModule(const CString& sModule, const CString& sArgs, CModInfo::EModuleType eType, CUser* pUser, CIRCNetwork *pNetwork, CString& sRetMsg) {
+ sRetMsg = "";
+
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return false;
++ }
++
+ if (FindModule(sModule) != NULL) {
+ sRetMsg = "Module [" + sModule + "] already loaded.";
+ return false;
+@@ -1165,6 +1182,10 @@ bool CModules::ReloadModule(const CStrin
+ }
+
+ bool CModules::GetModInfo(CModInfo& ModInfo, const CString& sModule, CString& sRetMsg) {
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return false;
++ }
++
+ CString sModPath, sTmp;
+
+ bool bSuccess;
+@@ -1181,6 +1202,9 @@ bool CModules::GetModInfo(CModInfo& ModI
+ }
+
+ bool CModules::GetModPathInfo(CModInfo& ModInfo, const CString& sModule, const CString& sModPath, CString& sRetMsg) {
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return false;
++ }
+ bool bVersionMismatch;
+
+ ModHandle p = OpenModule(sModule, sModPath, bVersionMismatch, ModInfo, sRetMsg);
+@@ -1302,11 +1326,8 @@ ModHandle CModules::OpenModule(const CSt
+ bVersionMismatch = false;
+ sRetMsg.clear();
+
+- for (unsigned int a = 0; a < sModule.length(); a++) {
+- if (((sModule[a] < '0') || (sModule[a] > '9')) && ((sModule[a] < 'a') || (sModule[a] > 'z')) && ((sModule[a] < 'A') || (sModule[a] > 'Z')) && (sModule[a] != '_')) {
+- sRetMsg = "Module names can only contain letters, numbers and underscores, [" + sModule + "] is invalid.";
+- return NULL;
+- }
++ if (!ValidateModuleName(sModule, sRetMsg)) {
++ return NULL;
+ }
+
+ // The second argument to dlopen() has a long history. It seems clear
diff -Nru znc-1.6.3/debian/patches/series znc-1.6.3/debian/patches/series
--- znc-1.6.3/debian/patches/series 2018-07-25 06:52:08.000000000 +0000
+++ znc-1.6.3/debian/patches/series 2019-06-26 14:47:29.000000000 +0000
@@ -1,3 +1,4 @@
 CVE-2018-14055-1.patch
 CVE-2018-14055-2.patch
 CVE-2018-14056.patch
+CVE-2019-12816.patch
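Review bot: The new `CModules::ValidateModuleName` in the src/Modules.cpp hunk at line 1014 carries no comment explaining why the accepted alphabet is so narrow or which entry points are now required to call it, so a future caller that resolves a module name without it would not know it is bypassing the fix; a header comment such as `// Module names end up in the path handed to dlopen() (see OpenModule); restricting them to [A-Za-z0-9_] keeps path separators and ".." out of that lookup, so every entry point that resolves a name (LoadModule, GetModInfo, GetModPathInfo, OpenModule) must call this first.` would make the intent explicit. The explicit byte-range comparison is the right choice over `isalnum()`, which is locale-dependent and would accept additional characters under some locales, and that reasoning belongs in the same comment. An empty name passes the loop unchanged from the old OpenModule check and presumably fails later in the path lookup, which is worth confirming rather than assuming. For consistency with the other three call sites, the `GetModPathInfo` insertion should be followed by a blank line before `bool bVersionMismatch;`. All four functions receiving the check (LoadModule, GetModInfo, GetModPathInfo, OpenModule) continue beyond their hunks, so the rest of their bodies could not be reviewed here.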