"ngIRCd-versions previous to 0.10.4 comprise an error which can be used (also by remote) to crash the daemon. All installations should be updated to version 0.10.4 or subsequent versions."
0.10.4 in CVS
Arches, please test and mark stable net-irc/ngircd-0.10.4.
Target keywords: "ppc x86"
amd64, want this stable too? Been there for some time.
From ChangeLog:
ngIRCd 0.10.4 (2008-01-07)
- SECURITY: IRC_PART could reference invalid memory, causing ngircd to crash [from HEAD].
x86 stable
We'll mark it stable after it's been a month or so. Currently no real reason to mark it stable. @armin76, would you be so kind as to stab me when in a month so that I can mark it stable? :)
ppc stable
(In reply to comment #5)
> @armin76, would you be so kind as to stab me when in a month so
> that I can mark it stable? :)

He's always kind enough to stab you ;) *hides*
GLSA vote. YES for me.
YES from me as well.
Mh, the next major-release is published, but I don't want to file a zero-day-bump-request :-)
http://ngircd.barton.de/index.html.en

Changelog

ngIRCd 0.11.0 (2008-01-15)

ngIRCd 0.11.0-pre2 (2008-01-07)
- SECURITY: IRC_PART could reference invalid memory, causing ngircd to crash [from HEAD].

ngIRCd 0.11.0-pre1 (2008-01-02)
- Use dotted-decimal IP address if hostname is >= 64.
- Add support for /STAT u (server uptime) command.
- New [Server] configuration Option "Bind" allows to specify the source ip address to use when connecting to remote server.
- New configuration option "MaxNickLength" to specify the allowed maximum length of user nick names. Note: must be unique in an IRC network!
- Enhanced the IRC+ protocol to support an enhanced "server handshake" and enable server to recognize numeric 005 (ISUPPORT) and 376 (ENDOFMOTD). See doc/Protocol.txt for details.
- Re-added doc/SSL.txt to distribution -- got lost somewhere!?
- Fixes the wrong logging output when nested servers are introduced to the network as well as the wrong output of the LINKS command.
- Update Mac OS X Xcode project file for Xcode 3.
- Adjust test suite to be usable on HP/UX 11.11 :-)
- Fix code to compile using K&R C compiler and ansi2kr again.
- New config option NoDNS: Disables DNS lookups when clients connect.
- Fixed propagation of channel mode 'P' on server links.
- Numeric 317: implemented "signon time" (displayed in WHOIS result).
- Fixed code that prevented GCC 2.95 to compile ngIRCd.
- Adjust path names in manual pages according to "./configure" settings.
- Added new server configuration option "Passive" for "Server" blocks to disable automatic outgoing connections (similar to -p option to ngircd, but only for the specified server). (Tassilo Schweyer)
- Don't connect to a server if a connection to another server within the same group is already in progress.
- Added support for the WALLOPS command. Usage is restricted to IRC operators.
(In reply to comment #10)
> Mh, the next major-release is published, but I don't want to file a
> zero-day-bump-request :-)

That is definitely stuff for a new bug, but give maintainers some days please.
CVE-2008-0285 was assigned.
GLSA 200801-13, all done.