ngIRCd Release 20.3

2024-10-27 20:36:18 +00:00 · 2013-08-23 21:54:40 +02:00 · 2013-08-23 21:54:40 +02:00 · bb6e277963
commit bb6e277963
parent d24df64397
4 changed files with 26 additions and 3 deletions
--- a/10
+++ b/10
@ -9,10 +9,18 @@
                               -- ChangeLog --


+ngIRCd 20.3 (2013-08-23)
+
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)

  - Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).
  - WHO command: Use the currently "displayed hostname" (which can be cloaked!)
    for hostname matching, not the real one. In other words: don't display all
    the cloaked users on a specific real hostname!
--- a/11
+++ b/11
@ -9,11 +9,20 @@
                                  -- NEWS --


+ngIRCd 20.3 (2013-08-23)
+
+  - This release is a bugfix release only, without new features.
+  - Security: Fix a denial of service bug (server crash) which could happen
+    when the configuration option "NoticeAuth" is enabled (which is NOT the
+    default) and ngIRCd failed to send the "notice auth" messages to new
+    clients connecting to the server (CVE-2013-5580).
+
 ngIRCd 20.2 (2013-02-15)

  - This release is a bugfix release only, without new features.
  - Security: Fix a denial of service bug in the function handling KICK
-    commands that could be used by arbitrary users to to crash the daemon.
+    commands that could be used by arbitrary users to to crash the daemon
+    (CVE-2013-1747).

 ngIRCd 20.1 (2013-01-02)

--- a/contrib/Debian/changelog
+++ b/contrib/Debian/changelog
@ -1,3 +1,9 @@
+ngircd (20.3-0ab1) unstable; urgency=high
+
+  * New "upstream" release, fixing a security related bug: ngIRCd 20.3.
+
+ -- Alexander Barton <alex@barton.de>  Fri, 23 Aug 2013 21:53:21 +0200
+
 ngircd (20.2-0ab1) unstable; urgency=high

  * New "upstream" release, fixing a security related bug: ngIRCd 20.2.
--- a/contrib/ngircd.spec
+++ b/contrib/ngircd.spec
@ -1,5 +1,5 @@
 %define name    ngircd
-%define version 20.2
+%define version 20.3
 %define release 1
 %define prefix  %{_prefix}