Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#39854 - [znc] ZNC can be crashed by any user if webadmin is loaded
Attached to Project:
Community Packages
Opened by Richard Schwab (Nothing4You) - Monday, 14 April 2014, 22:15 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 05 May 2014, 23:38 GMT
Opened by Richard Schwab (Nothing4You) - Monday, 14 April 2014, 22:15 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 05 May 2014, 23:38 GMT
|
DetailsDescription:
Details: https://github.com/znc/znc/issues/528 Patch: https://github.com/znc/znc/commit/5e6e3be32acfeadeaf1fb3bb17bada08aec6432f Any version since znc-0.043~72 is affected. Sidenote: Any user can load webadmin as long as the module exists. Quoting https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744712#10 the bug was introduced in the following commit: https://github.com/znc/znc/commit/997023ea9de8fcc4ab68f0139015e1b7dba3b8a9 This is from 2005. Or put differently, everything this release is affected: $ git describe --contains 997023ea9de8fcc4ab68f0139015e1b7dba3b8a9 znc-0.043~72 |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Monday, 05 May 2014, 23:38 GMT
Reason for closing: Fixed
Additional comments about closing: znc-1.2-3
Monday, 05 May 2014, 23:38 GMT
Reason for closing: Fixed
Additional comments about closing: znc-1.2-3
Comment by Sébastien Luttringer (seblu) -
Thursday, 17 April 2014, 21:39 GMT
A security release is expected.
Comment by Sébastien Luttringer (seblu) -
Monday, 05 May 2014, 23:38 GMT
As there is still no security release since ~20 days. Fixed in -3.