-
znc (1.2-3ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network configuration change directives. Based on upstream patch.
- debian/patches/CVE-2018-14055-2.patch: Remove extra newlines when
writing out configuration file. Based on upstream patch.
- CVE-2018-14055
* SECURITY UPDATE: Path traversal flaw allows access to files outside of
skins (LP: #1781925)
- debian/patches/CVE-2018-14056.patch: Replace path traversal components
in skin names to ensure path traversal is not possible. Based on
upstream patch.
- CVE-2018-14056
* SECURITY UPDATE: Denial of service (crash) from remote authenticated users
- debian/patches/CVE-2014-9403.patch: Check whether channel exists
when dealing with user specified channel name. Based on upstream
patch.
- CVE-2014-9403
-- Alex Murray <email address hidden> Tue, 07 Aug 2018 14:38:37 +0930
-
znc (1.2-3build1) trusty; urgency=medium
* No-change rebuild for Python 3.4.
-- Matthias Klose <email address hidden> Wed, 19 Feb 2014 13:06:03 +0100
-
znc (1.2-3) unstable; urgency=low
* znc binary was gone, whops.
Closes: #732154
-- Patrick Matthäi <email address hidden> Mon, 16 Dec 2013 12:39:00 +0100
-
znc (1.2-2) unstable; urgency=low
* Merged znc-extra package into znc.
Closes: #731297
-- Patrick Matthäi <email address hidden> Thu, 12 Dec 2013 10:16:58 +0100
-
znc (1.2-1) unstable; urgency=low
* New upstream release.
Closes: #728786
- Remove merged patch 01-spelling-error.
- Remove merged patch 02-CVE-2013-2130.
- License has been changed to Apache-2.0.
- Disable new tests, because they require an internet connection.
- Add new znc-extra module modules_online.
- Remove AUTHORS file.
* Bump Standards-Version to 3.9.5 (no changes needed).
* Don't explicitly request xz compression - dpkg 1.17 does this by default.
-- Patrick Matthäi <email address hidden> Fri, 08 Nov 2013 13:13:58 +0100
-
znc (1.0-5build1) trusty; urgency=low
* Rebuild for Perl 5.18.
-- Colin Watson <email address hidden> Mon, 21 Oct 2013 12:40:35 +0100
-
znc (1.0-5) unstable; urgency=medium
* Add upstream patch 02-CVE-2013-2130 to fix a NULL pointer dereference in
the webadmin module as described in CVE-2013-2130.
Closes: #720632
* Remove deprecated dh_pysupport.
* Remove unused hardening-no-fortify-functions lintian overrides.
* Add some lintian overrides for false positive spelling errors.
* Remove both .pyc files and hope that the Python module is still working.
* Limit dh_python3 to package znc-python. This helper is doing some realy
strange things.
* Remove python:Depends.
-- Patrick Matthäi <email address hidden> Mon, 26 Aug 2013 11:21:18 +0200
