Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which
could result in privilege escalation or denial of service
For the stable distribution (stretch), these problems have been fixed in
version 165-1+deb9u1
We recommend that you upgrade your znc packages
For the detailed security status of znc please refer to
its security track ...
ZNC before 171-rc1 is prone to a path traversal flaw A non-admin user can set web skin name to / to access files outside of the intended skins directories and to cause DoS ...