Your message dated Mon, 08 Jul 2024 14:55:10 +0000
with message-id <e1sqplm-005fv8...@fasolo.debian.org>
and subject line Bug#1075729: fixed in znc 1.9.1-1
has caused the Debian Bug report #1075729,
regarding znc: CVE-2024-39844
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1075729: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075729
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: znc
Version: 1.9.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.8.2-2
Control: found -1 1.8.2-3.1
Control: fixed -1 1.8.2-2+deb11u1
Control: fixed -1 1.8.2-3.1+deb12u1
Hi,
The following vulnerability was published for znc.
CVE-2024-39844[0]:
| In ZNC before 1.9.1, remote code execution can occur in modtcl via a
| KICK.
The version with above fixed versions were uploaded to security-master
and will be released in the upcoming DSA for znc.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-39844
https://www.cve.org/CVERecord?id=CVE-2024-39844
[1] https://wiki.znc.in/ChangeLog/1.9.1
[2] https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: znc
Source-Version: 1.9.1-1
Done: Patrick Matthäi <pmatth...@debian.org>
We believe that the bug you reported is fixed in the latest version of
znc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1075...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <pmatth...@debian.org> (supplier of updated znc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 08 Jul 2024 14:56:14 +0200
Source: znc
Architecture: source
Version: 1.9.1-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatth...@debian.org>
Changed-By: Patrick Matthäi <pmatth...@debian.org>
Closes: 1075729
Changes:
 znc (1.9.1-1) unstable; urgency=high
 .
   * New upstream release.
     - Fix RCE vulnerability in modtcl as described in CVE-2024-39844.
       Closes: #1075729
   * Bump Standards-Version to 4.7.0.
   * Add 1.8.2-3.1+deb12u1 changelog entry.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---