Comment 17 for bug 1781925

This bug was fixed in the package znc - 1.2-3ubuntu0.1

---------------
znc (1.2-3ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
    - debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
      network configuration change directives. Based on upstream patch.
    - debian/patches/CVE-2018-14055-2.patch: Remove extra newlines when
      writing out configuration file. Based on upstream patch.
    - CVE-2018-14055
  * SECURITY UPDATE: Path traversal flaw allows access to files outside of
    skins (LP: #1781925)
    - debian/patches/CVE-2018-14056.patch: Replace path traversal components
      in skin names to ensure path traversal is not possible. Based on
      upstream patch.
    - CVE-2018-14056
  * SECURITY UPDATE: Denial of service (crash) from remote authenticated users
    - debian/patches/CVE-2014-9403.patch: Check whether channel exists
      when dealing with user specified channel name. Based on upstream
      patch.
    - CVE-2014-9403

 -- Alex Murray <email address hidden> Tue, 07 Aug 2018 14:38:37 +0930