Debian Bug report logs - #516950
znc < 0.066 privilege escalation when using webadmin


Package: znc; Maintainer for znc is Patrick Matthäi <pmatthaei@debian.org>; Source for znc is src:znc.

Reported by: Uli Schlachter <psychon@znc.in>

Date: Tue, 24 Feb 2009 17:24:01 UTC

Severity: critical

Tags: security

Found in version znc/0.045-3+etch1

Fixed in versions znc/0.066-1, znc/0.045-3+etch2, znc/0.058-2+lenny1

Done: Patrick Matthäi <patrick.matthaei@web.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Patrick Matthäi <patrick.matthaei@web.de>:
Bug#516950; Package znc. (Tue, 24 Feb 2009 17:24:04 GMT)

Acknowledgement sent to Uli Schlachter <psychon@znc.in>:
New Bug report received and forwarded. Copy sent to Patrick Matthäi <patrick.matthaei@web.de>. (Tue, 24 Feb 2009 17:24:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Uli Schlachter <psychon@znc.in>
To: submit@bugs.debian.org
Subject: znc < 0.066 privilege escalation when using webadmin
Date: Tue, 24 Feb 2009 18:20:53 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: znc
Version: 0.045-3+etch1
Tags: Security
Severity: critical

All ZNC versions which have webadmin contain a privilege escalation bug in
webadmin. This bug was fixed with znc 0.066.

A quote from the changelog[1]:

Webadmin doesn't properly validate user input. If you send a manipulated POST
request to webadmin's edit user page which includes newlines in e.g. the
QuitMessage field, this field will be written unmodified to the config. This way
you can add new lines to znc.conf. The new lines will not be parsed until the
next rehash or restart.
This can be done with nearly all input fields in webadmin. Because every user
can modify himself via webadmin, every user can exploit this bug.

[1] http://en.znc.in/wiki/ChangeLog/0.066
- --
"Do you know that books smell like nutmeg or some spice from a foreign land?"
                                                  -- Faber in Fahrenheit 451
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----




Reply sent to Patrick Matthäi <patrick.matthaei@web.de>:
You have taken responsibility. (Tue, 24 Feb 2009 19:15:08 GMT)

Notification sent to Uli Schlachter <psychon@znc.in>:
Bug acknowledged by developer. (Tue, 24 Feb 2009 19:15:08 GMT)

Message #10 received at 516950-close@bugs.debian.org:

From: Patrick Matthäi <patrick.matthaei@web.de>
To: 516950-close@bugs.debian.org
Subject: Bug#516950: fixed in znc 0.066-1
Date: Tue, 24 Feb 2009 18:47:20 +0000
Source: znc
Source-Version: 0.066-1

We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive:

znc-dbg_0.066-1_amd64.deb
  to pool/main/z/znc/znc-dbg_0.066-1_amd64.deb
znc-dev_0.066-1_amd64.deb
  to pool/main/z/znc/znc-dev_0.066-1_amd64.deb
znc-perl_0.066-1_amd64.deb
  to pool/main/z/znc/znc-perl_0.066-1_amd64.deb
znc-webadmin_0.066-1_amd64.deb
  to pool/main/z/znc/znc-webadmin_0.066-1_amd64.deb
znc_0.066-1.diff.gz
  to pool/main/z/znc/znc_0.066-1.diff.gz
znc_0.066-1.dsc
  to pool/main/z/znc/znc_0.066-1.dsc
znc_0.066-1_amd64.deb
  to pool/main/z/znc/znc_0.066-1_amd64.deb
znc_0.066.orig.tar.gz
  to pool/main/z/znc/znc_0.066.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 516950@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <patrick.matthaei@web.de> (supplier of updated znc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 24 Feb 2009 18:21:42 +0200
Source: znc
Binary: znc znc-dbg znc-dev znc-perl znc-webadmin
Architecture: source amd64
Version: 0.066-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <patrick.matthaei@web.de>
Changed-By: Patrick Matthäi <patrick.matthaei@web.de>
Description: 
 znc        - an advanced IRC bouncer
 znc-dbg    - an advanced IRC bouncer (debugging symbols)
 znc-dev    - an advanced IRC bouncer (development headers)
 znc-perl   - an advanced IRC bouncer (Perl extension)
 znc-webadmin - an advanced IRC bouncer (webadmin module)
Closes: 516950
Changes: 
 znc (0.066-1) unstable; urgency=high
 .
   * New upstream release.
     - Severity high because it fixes a critical security flaw.
       Closes: #516950
   * znc-dev has to be arch:any, because it also gives back the used host
     compiler.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----





Reply sent to Patrick Matthäi <patrick.matthaei@web.de>:
You have taken responsibility. (Fri, 13 Mar 2009 20:42:19 GMT)

Notification sent to Uli Schlachter <psychon@znc.in>:
Bug acknowledged by developer. (Fri, 13 Mar 2009 20:42:19 GMT)

Message #15 received at 516950-close@bugs.debian.org:

From: Patrick Matthäi <patrick.matthaei@web.de>
To: 516950-close@bugs.debian.org
Subject: Bug#516950: fixed in znc 0.045-3+etch2
Date: Fri, 13 Mar 2009 20:01:16 +0000
Source: znc
Source-Version: 0.045-3+etch2

We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive:

znc_0.045-3+etch2.diff.gz
  to pool/main/z/znc/znc_0.045-3+etch2.diff.gz
znc_0.045-3+etch2.dsc
  to pool/main/z/znc/znc_0.045-3+etch2.dsc
znc_0.045-3+etch2_amd64.deb
  to pool/main/z/znc/znc_0.045-3+etch2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 516950@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <patrick.matthaei@web.de> (supplier of updated znc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  4 Mar 2009 12:07:13 +0200
Source: znc
Binary: znc
Architecture: source amd64
Version: 0.045-3+etch2
Distribution: oldstable-security
Urgency: low
Maintainer: Patrick Matthäi <patrick.matthaei@web.de>
Changed-By: Patrick Matthäi <patrick.matthaei@web.de>
Description: 
 znc        - an advanced IRC bouncer
Closes: 516950
Changes: 
 znc (0.045-3+etch2) oldstable-security; urgency=low
 .
   * Backported upstream patch from the 0.066 release which fixes the handling
     of newlines in CHTTPSock::GetParam() and strip them out. This patch fixes
     an important privilege escalation in the webadmin module.
     Closes: #516950
Files: 
 1962af4c56b4c4c169832249d6b99f30 962 net optional znc_0.045-3+etch2.dsc
 9a514b125b7514811fd03befa73cce77 204863 net optional znc_0.045.orig.tar.gz
 c254e989604122fb7267a0fafeddfd95 12817 net optional znc_0.045-3+etch2.diff.gz
 80c9126c518abe062265cee5d94ca6f1 793694 net optional znc_0.045-3+etch2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----





Reply sent to Patrick Matthäi <patrick.matthaei@web.de>:
You have taken responsibility. (Fri, 13 Mar 2009 21:15:02 GMT)

Notification sent to Uli Schlachter <psychon@znc.in>:
Bug acknowledged by developer. (Fri, 13 Mar 2009 21:15:02 GMT)

Message #20 received at 516950-close@bugs.debian.org:

From: Patrick Matthäi <patrick.matthaei@web.de>
To: 516950-close@bugs.debian.org
Subject: Bug#516950: fixed in znc 0.058-2+lenny1
Date: Fri, 13 Mar 2009 20:00:55 +0000
Source: znc
Source-Version: 0.058-2+lenny1

We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive:

znc_0.058-2+lenny1.diff.gz
  to pool/main/z/znc/znc_0.058-2+lenny1.diff.gz
znc_0.058-2+lenny1.dsc
  to pool/main/z/znc/znc_0.058-2+lenny1.dsc
znc_0.058-2+lenny1_amd64.deb
  to pool/main/z/znc/znc_0.058-2+lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 516950@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <patrick.matthaei@web.de> (supplier of updated znc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed,  4 Mar 2009 11:55:21 +0200
Source: znc
Binary: znc
Architecture: source amd64
Version: 0.058-2+lenny1
Distribution: stable-security
Urgency: low
Maintainer: Patrick Matthäi <patrick.matthaei@web.de>
Changed-By: Patrick Matthäi <patrick.matthaei@web.de>
Description: 
 znc        - advanced modular IRC bouncer
Closes: 516950
Changes: 
 znc (0.058-2+lenny1) stable-security; urgency=low
 .
   * Add 02-webmin-priv-escalation.dpatch which properly handle newlines in
     CHTTPSock::GetParam() and strip them out. This patch fixes an important
     privilege escalation.
     Closes: #516950

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----
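
Added example, not part of the bug log and not ZNC's own code: the report in message #5 describes form values being written unmodified into a line-oriented config, and the changelog entries in the close messages describe the fix as stripping newlines in CHTTPSock::GetParam(). The sketch below shows both behaviours side by side; the config layout, the names GetParamRaw, GetParamStripped, WriteUserBlock and CountSettings, and the sample value are assumptions constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// Hypothetical stand-in for the decoded POST fields of a web form.
using Params = std::map<std::string, std::string>;

// "Before": the submitted value is returned exactly as received.
std::string GetParamRaw(const Params& p, const std::string& name) {
    Params::const_iterator it = p.find(name);
    return it == p.end() ? std::string() : it->second;
}

// "After": CR and LF are stripped at the point where parameters are read,
// so no caller can receive a value that spans more than one config line.
std::string GetParamStripped(const Params& p, const std::string& name) {
    std::string v = GetParamRaw(p, name);
    v.erase(std::remove_if(v.begin(), v.end(),
                           [](char c) { return c == '\r' || c == '\n'; }),
            v.end());
    return v;
}

// Simplified, assumed config layout: one "Key = Value" per line in a user block.
std::string WriteUserBlock(const std::string& user, const std::string& quitMsg) {
    std::ostringstream out;
    out << "<User " << user << ">\n"
        << "\tQuitMessage = " << quitMsg << "\n"
        << "</User>\n";
    return out.str();
}

// Number of settings a line-based parser would read back on the next reload.
std::size_t CountSettings(const std::string& conf) {
    std::istringstream in(conf);
    std::string line;
    std::size_t n = 0;
    while (std::getline(in, line)) {
        std::size_t first = line.find_first_not_of(" \t\r");
        if (first == std::string::npos || line[first] == '<') continue;
        if (line.find(" = ", first) != std::string::npos) ++n;
    }
    return n;
}

// Constructed sample request: one field whose value carries an embedded CRLF.
Params SampleRequest() {
    Params p;
    p["quitmsg"] = "bye\r\nExtraKey = constructed";
    return p;
}

int main() {
    Params req = SampleRequest();
    std::string before = WriteUserBlock("alice", GetParamRaw(req, "quitmsg"));
    std::string after = WriteUserBlock("alice", GetParamStripped(req, "quitmsg"));
    std::cout << "unsanitized: " << CountSettings(before) << " settings\n"
              << "stripped:    " << CountSettings(after) << " settings\n";
    return 0;
}
```

Stripping at the parameter-reading layer covers every field at once, which matches the report's point that nearly all webadmin input fields were affected.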





Reply sent to Patrick Matthäi <patrick.matthaei@web.de>:
You have taken responsibility. (Thu, 09 Apr 2009 17:18:07 GMT)

Notification sent to Uli Schlachter <psychon@znc.in>:
Bug acknowledged by developer. (Thu, 09 Apr 2009 17:18:07 GMT)

Message #25 received at 516950-close@bugs.debian.org:

From: Patrick Matthäi <patrick.matthaei@web.de>
To: 516950-close@bugs.debian.org
Subject: Bug#516950: fixed in znc 0.045-3+etch2
Date: Thu, 09 Apr 2009 17:12:48 +0000
Source: znc
Source-Version: 0.045-3+etch2






Reply sent to Patrick Matthäi <patrick.matthaei@web.de>:
You have taken responsibility. (Sat, 11 Apr 2009 17:36:13 GMT)

Notification sent to Uli Schlachter <psychon@znc.in>:
Bug acknowledged by developer. (Sat, 11 Apr 2009 17:36:13 GMT)

Message #30 received at 516950-close@bugs.debian.org:

From: Patrick Matthäi <patrick.matthaei@web.de>
To: 516950-close@bugs.debian.org
Subject: Bug#516950: fixed in znc 0.058-2+lenny1
Date: Sat, 11 Apr 2009 16:47:48 +0000
Source: znc
Source-Version: 0.058-2+lenny1






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 10 May 2009 07:31:44 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:57:42 2014; Machine Name: buxtehude.debian.org
