Source: znc
Version: 1.9.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.8.2-2
Control: found -1 1.8.2-3.1
Control: fixed -1 1.8.2-2+deb11u1
Control: fixed -1 1.8.2-3.1+deb12u1

Hi,

The following vulnerability was published for znc.

CVE-2024-39844[0]:
| In ZNC before 1.9.1, remote code execution can occur in modtcl via a
| KICK.

The version with above fixed versions were uploaded to security-master
and will be released in the upcoming DSA for znc.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-39844
    https://www.cve.org/CVERecord?id=CVE-2024-39844
[1] https://wiki.znc.in/ChangeLog/1.9.1
[2] https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e

Regards,
Salvatore