Fedora 29: znc Security Update
Summary
ZNC is an IRC bouncer with many advanced features like detaching,
multiple users, per channel playback buffer, SSL, IPv6, transparent
DCC bouncing, Perl and C++ module support to name a few.
Fixes CVE-2019-9917
* Tue Apr 9 2019 Nick Bebout
- Update to 1.7.3
* Wed Mar 27 2019 Nick Bebout
- Update to 1.7.3-rc1 to fix CVE-2019-9917
* Sun Feb 3 2019 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Jan 29 2019 Jason L Tibbitts III
- Update to 1.7.2.
- Fix three paths in the manpage (#1624519).
* Wed Jan 23 2019 Pete Walter
- Rebuild for ICU 63
* Fri Aug 24 2018 Todd Zullinger
- Clean up ancient Fedora and RHEL conditionals
- Remove cruft from %prep
- Use %autosetup, %make_build, and %make_install macros
- Use https for URL and SOURCE tags
- Check upstream GPG signature in %prep
- Simplify %{_libdir}/znc/ file list
- Enable verbose make
- Pass --with-tcl to ensure tclConfig.sh is found
- Remove Group tag
- Use system-wide crypto policy
- Use %license tag for LICENSE file
- Add ChangeLog.md and NOTICE files to %doc
- Move znc-buildmod.1 to znc-devel
[ 1 ] Bug #1692771 - CVE-2019-9917 znc: crash on invalid encoding [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1692771
[ 2 ] Bug #1692770 - CVE-2019-9917 znc: crash on invalid encoding [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1692770
[ 3 ] Bug #1691613 - znc-1.7.3-rc1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1691613
su -c 'dnf upgrade --advisory FEDORA-2019-d5ad4a435c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-d5ad4a435c 2019-04-23 20:13:25.293520 Product : Fedora 29 Version : 1.7.3 Release : 1.fc29 URL : https://wiki.znc.in/ZNC Summary : An advanced IRC bouncer Description : ZNC is an IRC bouncer with many advanced features like detaching, multiple users, per channel playback buffer, SSL, IPv6, transparent DCC bouncing, Perl and C++ module support to name a few. Fixes CVE-2019-9917 * Tue Apr 9 2019 Nick Bebout - 1.7.3-1 - Update to 1.7.3 * Wed Mar 27 2019 Nick Bebout - 1.7.3-0.1 - Update to 1.7.3-rc1 to fix CVE-2019-9917 * Sun Feb 3 2019 Fedora Release Engineering - 1.7.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Jan 29 2019 Jason L Tibbitts III - 1.7.2-1 - Update to 1.7.2. - Fix three paths in the manpage (#1624519). * Wed Jan 23 2019 Pete Walter - 1.7.1-4 - Rebuild for ICU 63 * Fri Aug 24 2018 Todd Zullinger - 1.7.1-3 - Clean up ancient Fedora and RHEL conditionals - Remove cruft from %prep - Use %autosetup, %make_build, and %make_install macros - Use https for URL and SOURCE tags - Check upstream GPG signature in %prep - Simplify %{_libdir}/znc/ file list - Enable verbose make - Pass --with-tcl to ensure tclConfig.sh is found - Remove Group tag - Use system-wide crypto policy - Use %license tag for LICENSE file - Add ChangeLog.md and NOTICE files to %doc - Move znc-buildmod.1 to znc-devel [ 1 ] Bug #1692771 - CVE-2019-9917 znc: crash on invalid encoding [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1692771 [ 2 ] Bug #1692770 - CVE-2019-9917 znc: crash on invalid encoding [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1692770 [ 3 ] Bug #1691613 - znc-1.7.3-rc1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1691613 su -c 'dnf upgrade --advisory FEDORA-2019-d5ad4a435c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References