mirrors/ngircd
1
0
Fork 0
mirror of https://github.com/osmarks/ngircd.git synced 2024-12-12 09:50:29 +00:00
Code Issues Releases Wiki Activity

ngIRCd Release 20.3

Browse Source
This commit is contained in:
Alexander Barton 2013-08-23 21:54:40 +02:00
parent d24df64397
commit bb6e277963
4 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@ -9,10 +9,18 @@
-- ChangeLog -- -- ChangeLog --
ngIRCd 20.3 (2013-08-23)
- Security: Fix a denial of service bug (server crash) which could happen
when the configuration option "NoticeAuth" is enabled (which is NOT the
default) and ngIRCd failed to send the "notice auth" messages to new
clients connecting to the server (CVE-2013-5580).
ngIRCd 20.2 (2013-02-15) ngIRCd 20.2 (2013-02-15)
- Security: Fix a denial of service bug in the function handling KICK - Security: Fix a denial of service bug in the function handling KICK
commands that could be used by arbitrary users to to crash the daemon. commands that could be used by arbitrary users to to crash the daemon
(CVE-2013-1747).
- WHO command: Use the currently "displayed hostname" (which can be cloaked!) - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
for hostname matching, not the real one. In other words: don't display all for hostname matching, not the real one. In other words: don't display all
the cloaked users on a specific real hostname! the cloaked users on a specific real hostname!

11
NEWS
View File

@ -9,11 +9,20 @@
-- NEWS -- -- NEWS --
ngIRCd 20.3 (2013-08-23)
- This release is a bugfix release only, without new features.
- Security: Fix a denial of service bug (server crash) which could happen
when the configuration option "NoticeAuth" is enabled (which is NOT the
default) and ngIRCd failed to send the "notice auth" messages to new
clients connecting to the server (CVE-2013-5580).
ngIRCd 20.2 (2013-02-15) ngIRCd 20.2 (2013-02-15)
- This release is a bugfix release only, without new features. - This release is a bugfix release only, without new features.
- Security: Fix a denial of service bug in the function handling KICK - Security: Fix a denial of service bug in the function handling KICK
commands that could be used by arbitrary users to to crash the daemon. commands that could be used by arbitrary users to to crash the daemon
(CVE-2013-1747).
ngIRCd 20.1 (2013-01-02) ngIRCd 20.1 (2013-01-02)

6
contrib/Debian/changelog
View File

@ -1,3 +1,9 @@
ngircd (20.3-0ab1) unstable; urgency=high
* New "upstream" release, fixing a security related bug: ngIRCd 20.3.
-- Alexander Barton <alex@barton.de> Fri, 23 Aug 2013 21:53:21 +0200
ngircd (20.2-0ab1) unstable; urgency=high ngircd (20.2-0ab1) unstable; urgency=high
* New "upstream" release, fixing a security related bug: ngIRCd 20.2. * New "upstream" release, fixing a security related bug: ngIRCd 20.2.

2
contrib/ngircd.spec
View File

@ -1,5 +1,5 @@
%define name ngircd %define name ngircd
%define version 20.2 %define version 20.3
%define release 1 %define release 1
%define prefix %{_prefix} %define prefix %{_prefix}